Cyber Attack cyber

WestJet

Jun 1, 2025 3 min read
WestJet

WestJet, a Canadian airline, confirmed a cybersecurity breach in June 2025 where a criminal third party accessed its network, exposing passengers' personal data. While flight operations and financial details (credit cards, passwords) remained secure, stolen information included names, dates of birth, mailing addresses, passport/government ID details, and WestJet Rewards data (IDs, point balances). Non-sensitive data for WestJet RBC Mastercard holders was also compromised. The airline collaborated with law enforcement (FBI) and regulators (Transport Canada), offering 24 months of free identity theft monitoring via TransUnion, including $1M expense reimbursement. The breach, attributed to social engineering tactics like phishing, underscored risks of identity theft and scams from exposed travel-related data. No ransomware was explicitly confirmed, but the attack highlighted vulnerabilities in customer service roles and human risk management.

Source: https://hackread.com/westjet-cyberattack-passenger-ids-passports-stolen/

TPRM report: https://www.rankiteo.com/company/westjet

"id": "wes5902059100225",
"linkid": "westjet",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'some passengers (exact number '
                                              'unspecified)',
                        'industry': 'aviation',
                        'location': 'Calgary, Canada',
                        'name': 'WestJet',
                        'type': 'airline'}],
 'attack_vector': ['social engineering',
                   'phishing (likely via phone calls)',
                   'unauthorized network access'],
 'customer_advisories': ['24-month identity theft monitoring via TransUnion',
                         'urge to monitor accounts for suspicious activity'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': ['low (for most individuals)',
                                         'high (for identity theft risk due to '
                                         'PII)'],
                 'type_of_data_compromised': ['names',
                                              'dates of birth',
                                              'mailing addresses',
                                              'travel document details '
                                              '(passports, government-issued '
                                              'IDs)',
                                              'WestJet Rewards ID numbers',
                                              'Rewards point balances (as of '
                                              'incident date)',
                                              'non-sensitive WestJet RBC '
                                              'Mastercard holder data']},
 'date_detected': '2025-06-13',
 'date_publicly_disclosed': '2025-06-13',
 'date_resolved': '2025-09-15',
 'description': 'WestJet, a leading Canadian airline, confirmed a '
                'cybersecurity attack that exposed personal information of '
                'some passengers. The incident began on June 13, 2025, with '
                'suspicious activity detected, including restricted access to '
                'internal systems and the WestJet app. The airline activated '
                'specialized teams and external security experts to address '
                'the breach. The review of affected data was finalized on '
                'September 15, 2025. While flight operations and sensitive '
                'financial data (e.g., credit card numbers, passwords) '
                'remained secure, stolen data included names, dates of birth, '
                'mailing addresses, travel document details (e.g., passports), '
                'WestJet Rewards IDs, point balances, and non-sensitive data '
                'for WestJet RBC Mastercard holders. The airline is offering '
                '24 months of complimentary identity theft monitoring via '
                'TransUnion and collaborating with law enforcement, including '
                'the FBI, and regulatory bodies like Transport Canada.',
 'impact': {'brand_reputation_impact': 'potential reputational damage due to '
                                       'passenger data exposure',
            'data_compromised': True,
            'identity_theft_risk': 'high (due to exposure of names, DOBs, '
                                   'addresses, passport/ID details)',
            'operational_impact': 'restricted access for users; no impact on '
                                  'flight operations',
            'payment_information_risk': 'none (financial data not compromised)',
            'systems_affected': ['internal systems', 'WestJet app']},
 'initial_access_broker': {'entry_point': ['likely social engineering '
                                           '(phone-based phishing)',
                                           'compromised legitimate account'],
                           'high_value_targets': ['passenger PII',
                                                  'WestJet Rewards data']},
 'investigation_status': 'completed (as of September 15, 2025)',
 'lessons_learned': 'Organizations must prioritize human risk management (HRM) '
                    'to mitigate social engineering attacks (e.g., phishing, '
                    'phone scams) targeting customer service roles. Proactive '
                    'measures like multi-factor authentication (MFA) hardening '
                    'and employee training are critical to prevent credential '
                    'theft and lateral movement by attackers.',
 'motivation': ['financial gain', 'data theft'],
 'post_incident_analysis': {'corrective_actions': ['Offering identity theft '
                                                   'protection to affected '
                                                   'customers.',
                                                   'Collaborating with law '
                                                   'enforcement (FBI) and '
                                                   'regulators (Transport '
                                                   'Canada).',
                                                   'Potential review of HRM '
                                                   'and MFA policies (implied '
                                                   'by expert commentary).'],
                            'root_causes': ['social engineering attack (likely '
                                            'phishing via phone calls)',
                                            'compromised employee credentials',
                                            'inadequate MFA protections for '
                                            'help desk']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Implement robust human risk management (HRM) programs to '
                     'address social engineering threats (phone, email, SMS).',
                     'Enhance MFA protocols for help desk and outward-facing '
                     'teams to prevent account takeovers.',
                     'Monitor dark web for stolen credentials or data related '
                     'to the breach.',
                     'Conduct regular security awareness training for '
                     'employees, especially in customer-facing roles.',
                     'Evaluate and strengthen incident response plans to '
                     'minimize data exposure and downtime.'],
 'references': [{'source': 'WestJet Advisory (June 2025)'},
                {'source': 'WestJet Notification (PDF, September 2025)'},
                {'source': 'Hackread.com - Erich Kron (CISO Advisor, KnowBe4) '
                           'Commentary',
                 'url': 'https://www.hackread.com'}],
 'regulatory_compliance': {'regulatory_notifications': ['Transport Canada']},
 'response': {'communication_strategy': ['public advisory (June 2025)',
                                         'PDF notification (September 2025)',
                                         'customer outreach for affected '
                                         'individuals'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['collaboration with law enforcement '
                                       '(FBI)',
                                       'regulatory notifications (Transport '
                                       'Canada)',
                                       'offering 24-month identity theft '
                                       'monitoring via TransUnion'],
              'third_party_assistance': ['external security experts',
                                         'forensic experts']},
 'stakeholder_advisories': ['public statements', 'regulatory notifications'],
 'threat_actor': 'criminal third party',
 'title': 'WestJet Cybersecurity Attack Exposes Passenger Personal Information',
 'type': ['data breach', 'ransomware attack']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.