WestJet, a Canadian airline, experienced a **cybersecurity breach** in mid-2024 after detecting suspicious activity on **June 13**. A **sophisticated criminal third party** gained unauthorized access to its systems, exposing **personal passenger data**, including **names, contact details, travel information, and reservation-related documents**. While no **payment data (credit/debit card numbers, expiration dates, or CVV codes)** was compromised, the breach highlighted vulnerabilities in the aviation sector’s digital infrastructure. The airline collaborated with **law enforcement (FBI, Canadian Centre for Cyber Security)** and notified affected U.S. residents and state authorities. The incident underscores rising threats to airlines, which store vast passenger data and rely on interconnected digital systems. Separately, a **ransomware attack on Collins Aerospace** (a RTX subsidiary) recently disrupted European airports, further emphasizing the sector’s exposure to cyber risks. WestJet’s breach, though limited in financial impact, poses **reputational and operational risks**, particularly given the sensitivity of exposed traveler information.
Source: https://www.yahoo.com/news/articles/canadas-westjet-says-passenger-data-142015575.html
TPRM report: https://www.rankiteo.com/company/westjet
"id": "wes4192341092925",
"linkid": "westjet",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'some passengers (exact number '
'unspecified)',
'industry': 'aviation',
'location': 'Canada',
'name': 'WestJet',
'type': 'airline'}],
'customer_advisories': 'public statement and direct notices to affected '
'individuals',
'data_breach': {'data_exfiltration': "likely (data was 'exposed' and accessed "
'by unauthorized party)',
'file_types_exposed': ['reservation documents'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'moderate to high (includes PII but '
'excludes payment data)',
'type_of_data_compromised': ['personal information',
'travel-related data']},
'date_detected': '2023-06-13',
'date_publicly_disclosed': '2023-09-18',
'description': 'Canadian carrier WestJet detected a cybersecurity breach in '
"June 2023, where a 'sophisticated, criminal third party' "
'gained unauthorized access to its systems. The breach exposed '
'personal information of some passengers, including names, '
'contact details, travel information, and reservation '
'documents. No payment data (credit/debit card numbers, '
'expiration dates, or CVV numbers) was compromised. WestJet '
'collaborated with law enforcement, including the FBI and the '
'Canadian Centre for Cyber Security, and notified affected '
'U.S. state attorneys general.',
'impact': {'brand_reputation_impact': 'potential negative impact (not '
'quantified)',
'data_compromised': ['names',
'contact details',
'travel information',
'reservation documents'],
'identity_theft_risk': 'possible (due to exposed PII)',
'payment_information_risk': 'none (explicitly stated no payment '
'data was compromised)'},
'investigation_status': 'ongoing (collaboration with law enforcement)',
'references': [{'date_accessed': '2023-09-18', 'source': 'Reuters'}],
'regulatory_compliance': {'regulatory_notifications': ['U.S. state attorneys '
'general (for affected '
'residents)',
'Canadian Centre for '
'Cyber Security']},
'response': {'communication_strategy': 'public disclosure and notices to '
'affected U.S. residents',
'incident_response_plan_activated': True,
'law_enforcement_notified': True},
'stakeholder_advisories': 'notices issued to U.S. residents',
'threat_actor': 'sophisticated, criminal third party',
'title': 'WestJet Cybersecurity Breach Exposes Passenger Personal Information',
'type': ['data breach', 'unauthorized access']}