WestJet Airlines confirmed Monday that a cybersecurity breach earlier this year exposed personal information of some passengers, though no payment card data was compromised.
The airline detected suspicious activity on June 13, later confirming that a “sophisticated, criminal third party” gained unauthorized access to its systems.
What data was exposed
The type of passenger information accessed varied, WestJet said, but could include:
Names
Contact details
Travel information
Reservation-related documents
The airline emphasized that no credit card numbers, debit card data, or CVV information were taken.
Wider aviation industry threat
The attack underscores the vulnerability of airlines as they increasingly rely on digital systems and passenger data. Earlier this month, a ransomware attack on Collins Aerospace, a unit of RTX, disrupted airport check-in and baggage systems in Europe, including at London Heathrow and Berlin.
WestJet’s response
WestJet said it is working closely with the FBI and the Canadian Centre for Cyber Security in its investigation. Authorities in both Canada and the U.S. have been notified, including state attorneys general where U.S. residents were affected.
The airline pledged to strengthen its systems and continue cooperating with law enforcement as the investigation progresses.
