WestJet announced that a cyberattack in June resulted in the exposure of some passengers’ personal information, although the airline reassured that the breach did not compromise most sensitive data. The incident, attributed to a sophisticated criminal third party, prompted WestJet to issue a notice to U.S. residents as part of its ongoing investigation.
The airline confirmed that its internal security measures effectively prevented the theft of customers’ credit card and debit card details, including numbers, expiration dates, and CVV codes. No user passwords were compromised. However, certain passengers had their personal details exposed, such as names, contact information, reservation-related data, travel documents, and information on their association with WestJet.
Following the breach, WestJet has completed containment measures and implemented additional system and data security protocols. The airline stated that it continues to analyze the situation and will further enhance its cybersecurity safeguards. Affected customers will receive support directly from WestJet, along with informational guidance available on the company’s website.
To assist affected customers, WestJet has enlisted the services of Cyberscout for fraud assistance and remediation. The airline emphasized its cooperation with law enforcement agencies, including the U.S. Federal Bureau of Investigation and the Canadian Centre for Cyber Security. WestJet has informed relevant authorities, such as U.S. credit reporting agencies TransUnion, Experian, and Equifax, as well as various U.S. state attorneys general, Transport Canada, the Office of the Privacy Commissioner of Canada, and corresponding provincial and international entities.
