WestJet is notifying U.S. residents that their personal information may have been compromised in a cybersecurity incident first detected in June, the airline confirmed Monday.
The Calgary-based carrier stated that it identified suspicious activity on its systems on June 13 and subsequently determined that a “sophisticated, criminal third party” had gained unauthorized access. While the airline stressed that its flight operations were never at risk, investigators confirmed that some data was obtained.
In a notice released on Monday, WestJet said it has completed an extensive analysis of the stolen data and identified U.S. residents whose information may have been exposed. The airline is now contacting those individuals directly and has posted additional guidance on its website.
WestJet emphasized that no credit card or debit card numbers, CVV codes, expiry dates, or guest passwords were accessed.
June cybersecurity incident
When the breach was first disclosed in June, WestJet reported that some guests experienced intermittent disruptions on its website and mobile app. At the time, the airline stated that it was collaborating with third-party cybersecurity experts and law enforcement to assess the extent of the incident and protect its systems.
Operations were not impacted, but WestJet warned customers to exercise caution when sharing personal information and pledged to provide regular updates as the investigation unfolded.
WestJet says containment of the incident is complete, though analysis continues. The airline is urging potentially affected individuals to remain vigilant by monitoring account statements and credit reports for suspicious activity.
“We sincerely regret this situation, and we remain grateful for the support and patience of the thousands of guests and WestJetters who place their trust in us,” the company said in its latest statement.