Canadian airline WestJet has revealed that some passenger information was exposed in a cybersecurity breach earlier this year, though the company stressed that no payment data was compromised.
The carrier said it detected suspicious activity on 13 June and later confirmed that a “sophisticated, criminal third party” had gained unauthorised access to its systems.
WestJet said the information affected varied but could include names, contact details, travel records and documents linked to bookings. Credit card and debit card details, including numbers, expiry dates and security codes, were not accessed.
The airline has been working with law enforcement agencies including the FBI and the Canadian Centre for Cyber Security.
The incident comes amid growing concern over cyber threats in the aviation industry, where reliance on complex digital systems and large volumes of passenger data has made carriers and suppliers a target.
Earlier this month, a ransomware attack on Collins Aerospace, part of RTX, disrupted operations at several major European airports, including London Heathrow and Berlin, forcing airlines to rely on manual check-in and baggage handling processes.
Boris Cipot, senior security engineer at Black Duck, said, “This incident serves as a stark reminder that every company, regardless of size or market, is a potential target for cyber attacks.
“WestJet is not the only company in the aviation industry to experience an attack; the recent ransomware attack on Collins Aerospace, which disrupted European airport operations, alongside the WestJet breach, paints a concerning picture.
“It suggests that cybercriminals may be targeting not just company data but also critical infrastructure.
“Airlines and airfields must reassess their cybersecurity posture, particularly their reliance on third-party systems, and invest in resilience strategies that go beyond mere compliance.
“Although payment data was not compromised, the exposure of personal travel information, including names, contact details, travel data, and reservation-related documents, poses risks of identity theft and fraud.
“Affected customers should be cautious of phishing attacks and scams. WestJet has provided guidance and offers identity protection services to impacted customers.”
