WestJet has disclosed that a cyberattack in June compromised certain passengers’ personal data, although the airline reassures that most of the information accessed was not considered “sensitive.” The incident, which occurred on June 13, was attributed to a sophisticated criminal third party, according to the airline’s recent communication to U.S. residents as part of its ongoing investigation.
The airline confirmed that its internal security measures successfully prevented cybercriminals from obtaining credit card and debit card details, including numbers, expiry dates, and CVV codes. Additionally, no user passwords were compromised. However, some passengers’ personal details were exposed, including their names, contact information, reservation-related data, travel information, and documents, as well as details about their interactions with WestJet.
WestJet stated that it has completed containment measures and implemented additional system and data security safeguards. The airline emphasized that it is continuously analyzing the situation and will further bolster its cybersecurity protocols. Affected customers will receive support directly from WestJet, and the airline has posted guidance on its official website.
To assist impacted customers, WestJet has enlisted the services of Cyberscout for fraud assistance and remediation. The airline affirmed its cooperation with law enforcement agencies, such as the U.S. Federal Bureau of Investigation and the Canadian Centre for Cyber Security. WestJet also informed relevant authorities, including U.S. credit reporting agencies like TransUnion, Experian, and Equifax, as well as various U.S. state attorneys general, Transport Canada, the Office of the Privacy Commissioner of Canada, and other provincial and international regulatory bodies.
