WestJet begins notifying US customers of data breach after June cyberattack

Canada’s WestJet Airlines has begun notifying American customers that their personal information may have been exposed following a cyberattack first detected in June.

The Calgary-based carrier said it identified suspicious activity in its systems on June 13, 2025, and later confirmed that hackers had accessed sensitive customer data. Email notices sent in September to affected WestJet Loyalty members warned that the stolen data could be misused for identity theft or fraud.

According to the company’s Cyber Response team, the compromised information varies by individual but may include names, dates of birth, gender, email and mailing addresses, phone numbers, travel booking details, and government-issued identification used for travel. The breach also affected information linked to family members traveling under the same reservation and certain travel-related requests or complaints.

WestJet emphasized that financial information such as credit and debit card numbers, expiration dates, CVV codes, and guest account passwords were not compromised. However, the company confirmed that some data connected to WestJet RBC Mastercard accounts may have been impacted, including card type and loyalty points balances. Details linked to WestJet Rewards accounts, such as account numbers and points activity on June 13, were also included in the breach.

The airline said it has notified relevant U.S. state attorneys general and stressed that the incident did not affect flight safety or operational integrity. Customers who received notification letters are being offered free credit monitoring services.

While WestJet did not identify the group responsible, cybersecurity researchers believe the breach may be linked to Scattered Spider, also known as UNC3944, a ransomware group that has recently targeted the North American aviation sector. The group has been linked to earlier breaches involving Hawaiian Airlines and Alaska Airlines.

The Office of the Privacy Commissioner of Canada has launched an official investigation into the incident, working with the Canadian Centre for Cyber Security and the FBI.