WestJet Confirms Major Data Breach Affecting 1.2 Million Customers

Canadian airline WestJet said it suffered a significant data security incident that compromised the sensitive personal data of 1.2 million passengers.

 

Headquartered in Calgary, Alberta, WestJet is a major Canadian airline offering low-cost travel options and serving over 120 destinations across North America, Central America, the Caribbean, Asia, and Europe.

 

In a data security incident notice submitted to the Office of the Maine Attorney General, WestJet said that on June 13, it detected unusual activity within its internal network. The airline immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“The investigations to date have established that the unauthorised third party obtained certain data from our network. Since making that determination, we diligently conducted an extensive analysis of that data to identify specific data elements and locate current contact information for certain United States residents who were impacted,” WestJet said.

 

The compromised data included names, dates of birth, mailing addresses, passport details, other government issued identification documents, information associated with travel needs such as accommodations requested or complaints filed, WestJet Rewards ID numbers and points balance on the date of the incident, as well as other information linked to the use of member accounts and more.

 

WestJet has, however, confirmed that no credit card or debit card numbers, expiry dates, CVV numbers or account passwords were accessed during the incident. The filing with the Maine state regulator’s office also states that WestJet has identified at least 1.2 million WestJet passengers affected by the incident.

 

The airline company has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered two years of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.