WestJet says some passengers’ personal information was obtained in a cyberattack in June, however it believes the breach did not involve “sensitive” data in most cases.
The airline issued a notice to U.S. residents on Monday related to its ongoing probe into the June 13 incident, which it said was carried out by a “sophisticated, criminal third party.”
It said its internal precautionary measures prevented attackers from gaining customers’ credit card and debit card numbers, expiry dates and CVV numbers, and that no user passwords were stolen.
Calgary-based Westjet said some passengers’ personal information was exposed in the June cyberattack, but that internal precautionary measures prevented attackers from gaining access to credit and debit card numbers and passwords.
Global News
However, some passengers’ personal information was exposed, such as their name, contact details, information and documents provided in connection with their reservation and travel, along with data regarding their relationship with WestJet.
“Containment is complete, and some additional system and data security measures have been implemented,” it said in a news release.
Get daily National news
Get the day’s top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
“However, analysis is ongoing, and WestJet will continue to take measures to further enhance its cybersecurity protocols.”
The airline said it would contact affected customers to provide support and has posted guidance on its website.
WestJet has also retained Cyberscout to provide affected customers with fraud assistance and remediation services.
It said it is co-operating with law enforcement including the U.S. Federal Bureau of Investigation and the Canadian Centre for Cyber Security.
WestJet said it has notified other relevant authorities, such as U.S. credit reporting agencies TransUnion, Experian, and Equifax, attorneys general of various U.S. states, Transport Canada, the Office of the Privacy Commissioner of Canada and its provincial and international counterparts.
The “cybersecurity incident” temporarily affected access to some of the airlines servers and software when it occurred, however Westjet said at the time that its airline operations continued to run smoothly.
With files from Global News.
© 2025 The Canadian Press
