Canadian airline WestJet announced on Monday that personal data belonging to some of its passengers was compromised in a cybersecurity incident earlier this year. The company stressed that financial information, including payment card details, remained unaffected.
The breach was first detected on June 13, when WestJet noticed unusual activity within its systems. A subsequent investigation revealed that a “sophisticated, criminal third party” had managed to gain unauthorized entry.
The aviation sector, which relies heavily on advanced digital platforms to manage passenger services, has increasingly become a target for cyberattacks because of the large amount of sensitive data it processes.
Only weeks before WestJet’s disclosure, a ransomware attack on Collins Aerospace, a subsidiary of RTX, severely disrupted airport operations across Europe.
That incident shut down check-in and baggage handling systems at major travel hubs, including London’s Heathrow and Berlin airports, underscoring the vulnerability of aviation networks.
Related story: Collins Aerospace Races to Restore Airline Software After Cyberattack
Details of the Data Breach
According to WestJet, the scope of the compromised data differed by individual but could have included passenger names, contact information, booking details, and identification documents linked to travel reservations.
The airline emphasized that no credit card or debit card numbers, expiration dates, or CVV codes were exposed.
In its notification to affected U.S. residents, the company explained that it had taken immediate steps to collaborate with law enforcement agencies.
These included the Federal Bureau of Investigation and the Canadian Centre for Cyber Security. Additionally, the airline said it had alerted state attorneys general in the U.S. where passengers’ information may have been impacted.
WestJet’s response reflects the growing challenge for airlines and aerospace companies, which continue to grapple with increasingly complex cyber threats.
While customer payment data was spared in this case, the exposure of personal and travel-related information highlights the ongoing risks faced by organizations that manage large volumes of digital records.
The carrier has not disclosed the exact number of passengers affected by the breach, but its swift move to work with authorities signals an attempt to maintain trust among its customers.
The incident also adds to a string of recent attacks against the aviation and aerospace sectors, illustrating how cybercriminals are exploiting the industry’s reliance on interconnected systems.
As cyberattacks grow in scale and sophistication, WestJet’s experience serves as another reminder that even established carriers are not immune to digital intrusions.
The airline said it continues to monitor its systems closely while cooperating with investigators to ensure the protection of customer data going forward.
Read next: Cyber Threat Data Sharing at Risk as Key U.S. Law Nears Expiration