Canadian airline WestJet this week confirmed that customer personal information was stolen in a June 2025 cyberattack.
The incident, disclosed on June 13, involved unauthorized access to several internal systems and impacted the availability of WestJet’s application and website.
The airline’s operations were not affected by the attack, and WestJet restored access to its application and website roughly two days after the incident.
In July, WestJet said the incident had been fully contained and additional security measures were implemented, adding that the hackers were able to steal certain data from its systems.
This week, the airline revealed that the personal information provided by travelers for reservations or travel has been compromised.
According to the company, names, contact information, government-issued IDs, and other information provided by customers was stolen, but no credit/debit card details or passwords were obtained.
“While it is possible that some of this information could be used for identity theft or fraud (including in the context of any booked travel), WestJet is not aware of any misuse of the relevant data for such purposes,” the company said.
WestJet has started notifying the potentially affected individuals and is providing them with identity theft protection services.
The company also published an FAQ on the incident, along with identity protection recommendations.
Additionally, WestJet is warning customers to be wary of suspicious emails, text messages, or calls from individuals impersonating the airline, who might ask for payment card information.
Related: Cyberattack on Beer Giant Asahi Disrupts Production
Related: Nearly 250,000 Impacted by Data Breach at Medical Associates of Brevard
Related: Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People
Related: Dutch Teens Arrested for Allegedly Helping Russian Hackers