When it comes to security breaches, there’s nothing quite as unsettling as having your personal information compromised. Unfortunately, this is currently the reality for several WestJet customers.
The Canadian airline has officially confirmed that a cyberattack, first noted in June, has led to the exposure of sensitive personal data belonging to its passengers. Notifications sent out to those affected reveal that the breached information includes full names, dates of birth, and in some instances, passport and government ID details. The airline’s confirmation arrives nearly three months after the incident was first reported, following an internal investigation that wrapped up on September 15.
WestJet initially alerted customers about the cybersecurity issue on June 13, when operations were disrupted and the WestJet mobile app temporarily went offline. At that time, the airline had not detailed the extent of the data breach, but they reassured customers that steps were being taken to safeguard personal information. While the perpetrators have not been officially named, the incident coincided with reports of the hacking group “Scattered Spider” targeting aviation sector organizations.
The investigation has since confirmed that a broad range of customer data was accessed. Depending on the individual, this may include names, birth dates, mailing addresses, travel documents like passports, and other government-issued IDs, as well as details related to accommodations and complaints. Members of the WestJet Rewards program may have had their Member IDs, point balances, and associated information compromised. Additionally, some data linked to WestJet RBC Mastercards was also affected.
However, the airline has reassured customers that more sensitive financial information was not compromised. Specifically, credit or debit card numbers, expiry dates, CVV codes, and WestJet account passwords were not part of the breach.
WestJet is keeping its customers informed, stating that the investigation to fully assess the incident is ongoing. Although they are sending notifications to confirmed victims, the airline has cautioned that this may not cover everyone affected. They are also advising those who received notices to inform any others who may have traveled under the same booking reference, as their personal details might also be at risk.
While WestJet is based in Canada, the implications stretch across borders, especially given the volume of flights to and from the U.S. The Federal Bureau of Investigation (FBI) is also involved in the ongoing investigation. To bolster customer confidence, WestJet has implemented several measures to prevent future breaches and is offering affected individuals a complimentary two-year subscription to an identity theft protection and monitoring service, available until November 30.
While it might be too late for some, WestJet’s efforts show a commitment to addressing and rectifying this serious security issue.
Source: Bleeping Computer
