Earlier this year, WestJet revealed that some of its passengers were affected by a cyberattack that resulted in the theft of personal information. The WestJet data breach, which took place in June 2025, has now been confirmed to be targeting passenger data.
While the airline has confirmed that no credit card numbers, debit card details, or user passwords were compromised, the breach involved sensitive information such as passports and other travel-related data.
The WestJet Data Breach
The WestJet data breach was discovered on June 13, 2025, when the airline detected suspicious activity within its systems. A subsequent investigation confirmed that an unauthorized third party had gained access to parts of the airline’s infrastructure.
The stolen data varies for each affected individual, but it includes personal details such as names, dates of birth, email addresses, phone numbers, and mailing addresses. Additionally, recent travel booking information, including booking numbers, was also compromised.
More concerning, however, is the exposure of travel documents, such as passports or other government-issued identification information, which are highly sensitive and valuable to criminals.
WestJet clarified that no credit card or debit card numbers were obtained during the cyberattack. Similarly, user passwords associated with accounts were not part of the breach. Despite these reassurances, the stolen personal data, including travel history and passport information, could still be used for identity theft or fraud.
Response to the WestJet Cyberattack
Upon discovering the WestJet data breach, the airline immediately took steps to contain the incident. The airline worked with both internal and external cybersecurity experts to investigate the nature and scope of the breach. Although the airline confirmed that no flight operations were disrupted, it acknowledged that certain personal data had been stolen.
WestJet also offered affected passengers complimentary identity theft protection and monitoring services for 24 months, to help mitigate the potential risks stemming from the breach.
Regulatory Oversight and Ongoing Investigation
Following the WestJet data breach, the airline notified the relevant authorities, including Canada’s Privacy Commissioner, Transport Canada, and other provincial and international bodies.
The breach is under investigation by the Office of the Privacy Commissioner of Canada, which will assess whether the airline met its legal obligations regarding data protection. In addition, WestJet has worked closely with law enforcement agencies and the Canadian Centre for Cyber Security to identify the perpetrators behind the attack.
While WestJet has contained the breach, the investigation is still ongoing. The airline has implemented additional security measures to strengthen its systems and prevent similar incidents in the future. The company has also made further updates to its cybersecurity protocols as part of its ongoing response to the attack.
Conclusion
The Cyber Express has reached out to the airline to learn more about this cyberattack. However, at the time of writing this, no official information or statement has been received. This is an ongoing story, and The Cyber Express will be closely monitoring the situation.
Source: Read More