WestJet Data Breach Impacts 1.2 Million Customers

Published 2025-10-06 02:53:50 | www.infosecurity-magazine.com
Data Breach Westjet Cybersecurity Identity Theft

🎙️ Paranoid Newscast

📄 Download Executive Briefing Pack (PDF)
WestJet has disclosed a data breach affecting 1.2 million customers due to a cyber-attack in June 2025. Personal information, including names and contact details, was accessed, although sensitive data such as credit card numbers and passwords remain secure.

Canadian airline WestJet has revealed that 1.2 million customers have been impacted by a data breach following a June 2025 cyber-attack. The firm provided the update in a data breach notification to the Office of the Maine Attorney General on September 29. Following an investigation into the network intrusion, WestJet found that a range of customers’ personal information was accessed by the “criminal third party.” This included names, contact details, documents and information provided in connection with their reservation and travel, and data regarding their relationship with WestJet. Additionally, for WestJet Rewards Members, information linked to their membership may have been accessed by the attackers. This data could include their WestJet Rewards ID number and points balance on the date of the incident, as well as other information linked to the use of their account. Passwords used to access Rewards accounts were not included in the breach. WestJet RBC Mastercard, WestJet RBC World Elite Mastercard, or WestJet RBC World Elite Mastercard for Business cardholders may have had additional information compromised. This may include a credit card identifier type and information about changes to their WestJet points balance. The data involved varies for individual customers, who are each being contacted by the firm about the incident. “Importantly, credit card or debit card numbers, expiry dates and CVV numbers, and guest user passwords, were not compromised, and our systems are fully secure. At no time was the safety and integrity of our operations ever in question,” WestJet wrote in its notification letter to customers. The airline acknowledged that the stolen data could be used for identity theft and fraud attacks, including in the context of any booked travel. While it is not aware of any such misuse, the firm is offering identity theft protection services to relevant individuals “where appropriate.” WestJet is cooperating with Canadian law enforcement and government agencies as it continues to investigate the incident. No details about how the attack occurred have been shared. WestJet said the attack was carried out by a “sophisticated, criminal third party,” who gained unauthorized access to its systems. “Given the significant importance of data security to the integrity of our business, we are prepared for incidents of this nature and followed our response planning by taking immediate action to contain the incident and secure our systems. As a result, at no point was the safety and integrity of our airline operations in question,” WestJet noted.