WestJet, Canada’s second-largest airline, has confirmed a cybersecurity breach that occurred in June. The attack compromised some of the company’s internal systems and mobile app, temporarily blocking access for numerous users. The company acted quickly to mitigate the situation, deploying specialized internal teams and coordinating with law enforcement and Transport Canada to manage the incident. Despite the breach, the airline stated that its operational safety was never at risk, and its primary focus remained on protecting sensitive personal data. WestJet is advising both customers and employees to be more cautious when sharing personal information.
The airline’s notification letter to affected individuals detailed the types of information that may have been exposed. This varied by person but could include names, dates of birth, mailing addresses, and travel document information like passport or other government-issued ID numbers. The company stressed that no credit or debit card numbers, expiration dates, or CVV numbers were compromised. For WestJet Rewards members, the breach may have involved their rewards ID number and points balance, though account passwords were not affected. The airline confirmed that it has no reason to believe that loyalty points are at risk.
For customers who hold a WestJet RBC Mastercard, additional information may have been exposed, such as a credit card identifier type and details about changes to their points balance. WestJet again emphasized that credit card numbers, expiration dates, and CVVs were not part of the compromised data. The airline is still assessing the full scope of the breach with the help of experts and the FBI. WestJet noted that these types of investigations are complex and are currently ongoing.
In response to the incident, the airline claims it has already implemented new security measures to prevent similar incidents in the future. As an extra layer of protection, WestJet is offering affected customers free, two-year identity theft protection through TransUnion. This service includes identity alerts, fraud assistance, help with restoring compromised accounts, and up to $1 million in insurance coverage.
Reference:
