In mid-June 2023, WestJet, a Canadian airline, suffered a cybersecurity breach executed by a sophisticated criminal third party that infiltrated its IT systems. While the breach was swiftly contained and did not compromise flight safety, credit card details (including CVV numbers and expiration dates) or customer passwords, sensitive passenger information was exfiltrated. The stolen data varied in sensitivity: for most affected individuals, the exposed information was non-sensitive, but for a subset of customers, it included personal details (name, contact information), travel-related documents (reservation and booking data), and records of their relationship with WestJet. The airline conducted a forensic investigation with internal and external experts, collaborating with Transport Canada, the FBI, the Canadian Centre for Cyber Security, and credit agencies (TransUnion, Experian, Equifax) to mitigate risks. WestJet is actively notifying impacted customers, though the exact scale of the breach beyond the confirmation of personal (non-financial) data leakage remains undisclosed. The incident aligns with a broader trend of escalating cyber threats in the aviation sector, following similar attacks on Qantas, Aeroflot, and Collins Aerospace in 2023.
TPRM report: https://www.rankiteo.com/company/westjet
"id": "wes5502955093025",
"linkid": "westjet",
"type": "Breach",
"date": "6/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Undisclosed (subset of '
'passengers; notifications in '
'progress)',
'industry': 'Aviation/Transportation',
'location': 'Calgary, Canada',
'name': 'WestJet',
'type': 'Airline'}],
'customer_advisories': 'Direct outreach to impacted individuals',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'Mixed (mostly non-sensitive; subset '
'includes sensitive PII)',
'type_of_data_compromised': ['Personal identifiable '
'information (PII)',
'Travel/reservation documents',
'Customer relationship data']},
'date_detected': '2023-06-01T00:00:00Z',
'date_publicly_disclosed': '2023-06-01T00:00:00Z',
'description': 'Canadian carrier WestJet confirmed a mid-June cybersecurity '
'breach involving the escape of some sensitive passenger '
'information. While credit card details and passwords remained '
'uncompromised, certain personal data such as names, contact '
'details, reservation/travel documents, and relationship data '
"with WestJet was accessed by a 'sophisticated, criminal third "
"party.' The breach was contained quickly and did not pose "
'risks to flight safety. WestJet conducted a forensic '
'investigation with internal and external experts, cooperating '
'with Transport Canada, the FBI, the Canadian Centre for Cyber '
'Security, and credit agencies (TransUnion, Experian, '
'Equifax). Efforts are underway to notify affected customers.',
'impact': {'brand_reputation_impact': 'Potential reputational harm (customer '
'notifications ongoing)',
'data_compromised': ['Names',
'Contact details',
'Reservation and travel documents',
'Relationship data with WestJet'],
'identity_theft_risk': 'Low (no credit card or password data '
'exposed)',
'operational_impact': 'None (flight safety not compromised)',
'payment_information_risk': 'None (CVV, expiration dates, and '
'passwords uncompromised)',
'systems_affected': ['WestJet databases']},
'initial_access_broker': {'high_value_targets': ['Passenger databases']},
'investigation_status': 'Completed (forensic investigation concluded)',
'ransomware': {'data_exfiltration': True},
'references': [{'date_accessed': '2023-09-29',
'source': 'WestJet Public Statement (29 September 2023)'},
{'source': 'Media reports on Qantas/Aeroflot/Collins Aerospace '
'incidents (contextual)'}],
'regulatory_compliance': {'regulatory_notifications': ['Transport Canada',
'US Federal Bureau of '
'Investigation (FBI)',
'Canadian Centre for '
'Cyber Security',
'Credit agencies '
'(TransUnion, '
'Experian, Equifax)']},
'response': {'communication_strategy': 'Proactive customer notifications; '
'cooperation with regulators/credit '
'agencies',
'containment_measures': 'Threat quickly contained (details '
'unspecified)',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': True},
'stakeholder_advisories': 'Ongoing notifications to affected customers',
'threat_actor': 'Sophisticated criminal third party (unidentified)',
'title': 'WestJet Cybersecurity Breach (June 2023)',
'type': 'Data Breach'}