Canadian carrier WestJet confirms a mid-June cybersecurity breach involved escape of some sensitive passenger information, though credit card details and passwords were uncompromised.

Calgary-based WestJet said on 29 September that both internal and external experts have concluded a weeks-long “technical and forensic investigation” to determine the scope of the IT breach and to identify what types of information were accessed. 

No credit card information, such as 3- or 4-digit CVV numbers or expiration dates, was accessed by the third party, nor were customer passwords, according to WestJet, which maintains the cybersecurity threat was quickly contained and never posed risks to flight safety. 

”Unfortunately, WestJet [confirms] that certain data was obtained from its systems,” the airline says.  

WestJet reported in June that a “sophisticated, criminal third party” had penetrated its databases. It has not identified an individual or group it believes to be behind the intrusion. 

shutterstock_2409970417

Source: Pascal Huot / Shutterstock

WestJet does not specify how many customers’ data was involved in the mid-June breach 

WestJet says, for “most individuals, the type of personal information involved was not sensitive”. 

”However, for certain individuals the data may include information such as name, contact details, information and documents provided in connection with their reservation and travel, and data regarding their relationship with WestJet,” it adds. 

WestJet says it is making efforts to contact customers affected. 

The carrier cooperated on the case with Transport Canada, the US Federal Bureau of Investigation, the Canadian Centre for Cyber Security and credit-reporting agencies TransUnion, Experian and Equifax. 

Cybersecurity is an apparently increasing area of vulnerability for airlines and airport. Australia’s Qantas Airways disclosed in June having been hit by a “significant” data breach that exposed the information of some 6 million customers. In July, Russia’s Aeroflot cancelled more than 50 round-trip flights after an apparent cyberattack on its infrastructure.

Most recently, UK authorities arrested one person tied to investigations into a cyberattack that disrupted operations at several European airports in mid-September.

That attack was directed at Collins Aerospace, which provides technologies for check-in and boarding processes. 

Howard Hardee is Americas aviation reporter for FlightGlobal.com and Flight International magazine, covering major and regional airlines in North America and low-emissions initiatives throughout the industry. He formerly covered politics for journalism nonprofit Wisconsin Watch and has written about science, music, travel and forestry as a freelancer for dozens of blogs, newspapers and magazines.View full Profile

More from Howard Hardee

Topics