01.10.2025
2 min
508
Canadian airline WestJet said a June cyberattack resulted in the leakage of sensitive passenger data, including passports and government IDs. An investigation, completed on September 15, found that attackers gained access to personal customer data. This included full names, dates of birth, addresses, travel documents, booking and complaint information, as well as WestJet Rewards and WestJet RBC Mastercard partner card data.
The company emphasizes that credit and debit card numbers, CVV codes, expiration dates and passwords of users were not compromised. At the same time, it warns passengers who traveled on joint bookings, as the data of fellow travelers may also have fallen into the hands of hackers.
WestJet is working with the FBI and technical experts to assess the full scope of the incident. Affected customers are being offered a free two-year identity theft protection package that can be used until November 30.
The company announced the attack on June 13, when internal systems were compromised and the mobile app was temporarily unavailable. At the time, WestJet assured that it was doing everything possible to protect data, but did not specify whether it was a document leak.
During this period, the notorious hacking group Scattered Spider was actively attacking the aviation industry. Despite the coincidence in time, there is no official confirmation that this group is behind the attack on WestJet.
WestJet has become another major victim of cyberattacks on the aviation sector. Despite the company’s assurances of prompt measures, the leak of passport data and documents significantly undermines customer trust and highlights the vulnerability of aviation infrastructure to cybercriminals.
