British Airways announced it's investigating a customer data breach that affected about 380,000 transactions.
The airline said Thursday that hackers stole data from customers who booked tickets between August 21 and September 5 on its website and mobile app. British Airways said the thieves did not get a hold of anyone's travel or passport information.
As of Thursday evening, the airline had already contacted every customer whose data was stolen and said it will compensate them for any "financial losses suffered."
But U.K. information regulators could end up fining British Airways over the breach.
Under a new EU data protection law introduced this year, companies that don't protect their customers from privacy and data breaches can be fined as much as 4 percent of their annual global revenue.
The BBC reports that, based off British Airways' revenue for the year 2017, the maximum penalty imposed for this breach would be about $634 million.