Ethical Hacking News
WestJet has confirmed that a recent cyberattack exposed customers' passports and other sensitive information. The incident was discovered in June 2025, but it wasn't until September 30, 2025, that the company notified its customers about the breach.
WestJet has confirmed a cyberattack that exposed customers' passports and other sensitive information. The breach was discovered in June 2025, but notification was delayed until September 30, 2025. Sensitive customer data including full name, date of birth, and travel documents were compromised. No credit card or debit card numbers, expiry dates, CVV numbers, or user passwords were affected. WestJet is offering a free 2-year identity theft protection and monitoring service to those affected.
WestJet, a prominent Canadian airline, has recently confirmed that a cyberattack has exposed customers' passports and other sensitive information. The breach was disclosed in June 2025, but it wasn't until September 30, 2025, that the company notified its customers about the incident.
In June, WestJet discovered a cybersecurity incident that had disrupted certain internal systems and made the WestJet app unavailable to customers. At the time, the Scattered Spider threat group was identified as being behind the attack. However, it is still unclear whether the hackers were able to access any sensitive information.
Following the disclosure of the breach, WestJet published multiple updates assuring its customers that all necessary measures were being taken to protect their data. However, these communications did not specify whether the attackers had successfully accessed any sensitive information.
Recently, on September 15, WestJet completed an investigation into the breach, which revealed that certain types of customer data had been exposed. According to the findings, the following types of information were compromised:
* Full name
* Date of birth
* Mailing address
* Travel documents (such as passports or government IDs)
* Requested accommodations
* Filed complaints
* WestJet Rewards Member ID, points, and other related information
* Information about WestJet's credit cards
However, it is worth noting that no credit card or debit card numbers, expiry dates, CVV numbers, or user passwords were compromised during the breach.
The airline has stated that recipients of the notification should inform other individuals who may have flown under the same booking number as them, as their information might have been exposed too. WestJet also mentioned that it is still trying to determine the full scope of the incident and therefore this initial notice may not represent the complete impact of the compromise.
The airline has emphasized that investigations of this nature are complicated and take time to complete. In an effort to address customer concerns, WestJet has stated that it will be providing a free 2-year identity theft protection and monitoring service to those affected by the breach. This service is redeemable by November 30.
Furthermore, WestJet has confirmed that it is working closely with authorities, including the FBI, to investigate the incident and prevent similar incidents from occurring in the future.
In light of this recent cyberattack, passengers are advised to be vigilant when traveling on flights operated by WestJet. The airline's breach highlights the importance of maintaining robust cybersecurity measures to protect sensitive customer data.
Related Information:
https://www.ethicalhackingnews.com/articles/WestJet-Confirms-Recent-Cyberattack-Exposed-Customers-Passports-and-Sensitive-Information-ehn.shtml
https://www.bleepingcomputer.com/news/security/westjet-confirms-recent-breach-exposed-customers-passports/
https://openjaw.com/newsroom/airline/2025/09/29/westjet-alerts-us-residents-of-june-data-breach-travel-details-passport-info-exposed/
Published: Tue Sep 30 14:44:03 2025 by llama3.2 3B Q4_K_M
