WestJet Confirms Data Breach – Customers’ Personal Information Exposed

WestJet Airlines has officially confirmed that a cybersecurity incident earlier this year resulted in the unauthorized access and exposure of certain personal information belonging to its customers.

The Canadian carrier disclosed that the breach occurred in mid-June and was detected on June 13, 2025.

Company officials emphasize that the situation has been resolved and that no financial account data or passwords were compromised.

What Happened

On June 13, WestJet’s security team identified unusual activity on the airline’s internal network.

Within hours, the company engaged both its in-house cybersecurity experts and external forensic specialists to investigate the anomaly.

The detailed probe revealed that a sophisticated criminal third party had gained unauthorized access to WestJet’s systems.

In response, WestJet immediately isolated the affected servers, applied enhanced security controls, and implemented additional encryption measures to prevent further intrusion.

Over the ensuing months, a comprehensive forensic analysis was conducted to determine which customer records were accessed.

Timeline and Investigation

By September 15, WestJet had completed its review of the compromised data.

During this phase, the company matched the accessed records to its current customer database, prioritizing notifications for United States residents, as required by federal regulations.

Affected individuals began receiving notification letters shortly thereafter, which included instructions on how to enroll in complimentary credit monitoring and identity protection services.

What Information Was Exposed

The breach did not compromise sensitive financial details. Specifically, no credit or debit card numbers, expiration dates, CVV codes, or customer passwords were accessed.

However, the types of personal information exposed vary by individual and may include:

• Full name and date of birth
• Mailing address
• Travel document details (e.g., passport numbers or other government-issued ID)
• Travel preferences and special requests
• Records of complaints filed with WestJet

For WestJet Rewards members, additional data may have been viewed. This could involve Rewards ID numbers and point balances as of June 13, 2025.

Nevertheless, loyalty program passwords remain secure, and there is no indication that any points were stolen or misused.

Customers holding co-branded WestJet RBC credit cards (including World Elite and Business variants) may also have had non-sensitive card details accessed, such as the card type and recent point balance changes.

Full card numbers and payment credentials were not compromised.

In light of the breach, WestJet has taken multiple steps to safeguard its customers:

• Offering free credit monitoring and identity theft protection to those affected
• Guiding, recognizing, and reporting suspicious activity
• Enhancing network security with additional real-time monitoring and advanced encryption protocols
• Conducting regular audits to ensure no further unauthorized access occurs

Notification letters include clear instructions for enrolling in these complimentary services.

WestJet urges all customers affected or not to remain vigilant by regularly reviewing bank and credit card statements for unusual transactions, monitoring loyalty account activity, and changing passwords on any other accounts where the same credentials are used.

Protecting passenger information remains WestJet’s highest priority.

The airline extends its sincere apologies for any inconvenience caused and reaffirms its commitment to transparency, robust security measures, and ongoing communication with its customers.

As part of its strengthened security posture, WestJet will continue to invest in advanced detection technologies and industry-leading cybersecurity practices to safeguard its network and the data of millions of travelers worldwide.

Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates