WestJet revealed that a cyberattack in June resulted in the unauthorized access of some passengers’ personal information, although the airline reassured that most of the compromised data was not classified as “sensitive.” The incident, which occurred on June 13, was attributed to a sophisticated criminal third party, prompting WestJet to issue a notice to U.S. residents as part of its ongoing investigation.
The airline confirmed that its internal security measures successfully prevented the hackers from obtaining customers’ credit card and debit card details, including card numbers, expiry dates, and CVV numbers, as well as ensuring that no user passwords were compromised. However, certain personal details of passengers were exposed, such as their names, contact information, reservation-related information and documents, travel details, and data related to their interactions with WestJet.
WestJet assured the public that containment measures have been fully implemented, with additional system enhancements and data security protocols now in place. The airline emphasized that continuous analysis is being conducted, with a commitment to further bolster its cybersecurity defenses.
Efforts are underway to provide support to affected customers directly, with informational resources made available on WestJet’s website. The airline has enlisted the services of Cyberscout to offer affected individuals fraud assistance and remediation support. Collaboration with law enforcement agencies, including the U.S. Federal Bureau of Investigation and the Canadian Centre for Cyber Security, is ongoing.
WestJet has taken the initiative to inform various relevant authorities, such as U.S. credit reporting agencies TransUnion, Experian, and Equifax, as well as the attorneys general of multiple U.S. states, Transport Canada, the Office of the Privacy Commissioner of Canada, and corresponding provincial and international regulatory bodies.