WestJet Airlines has confirmed that a recent cybersecurity incident exposed certain personal information belonging to its customers.
The Canadian carrier says the breach took place in mid-June and was discovered on June 13, 2025.
Company officials stress that the situation is now resolved and that no financial account data or passwords were compromised.
What Happened
On June 13, WestJet’s security team spotted unusual activity on the airline’s internal systems.
The company immediately launched an investigation with help from both in-house and external cybersecurity experts.
That probe revealed that a sophisticated criminal third party had gained unauthorized access to WestJet’s network.
Once the intrusion was identified, WestJet moved quickly to lock down its systems. The airline’s IT team isolated affected servers and applied additional security controls to prevent further access.
A detailed forensic analysis was then carried out to determine which customer data had been accessed.
By September 15, WestJet had completed its review of the stolen data. That work included matching the records to current customer contact information, especially for United States residents who were impacted. The company began notifying affected individuals soon afterward.
What Information Was Exposed
The breach affected different customers in different ways. The types of information accessed may include:
- Full name and date of birth
- Mailing address
- Travel document details, such as passport number or other government-issued ID
- Travel-related preferences and requests, like seat or accommodation requests
- Complaints filed with WestJet
WestJet confirms that sensitive financial details were not taken. No credit or debit card numbers, expiration dates, CVV codes, or guest user passwords were compromised.
The airline also says that its core operations and flight safety were never at risk.
If you are a WestJet Rewards member, information tied to your loyalty account could have been exposed.
This may include your Rewards ID number and points total as of June 13. However, Rewards passwords remain secure, and WestJet has no reason to believe that any points were stolen or misused.
Customers who hold a WestJet RBC Mastercard, WestJet RBC World Elite Mastercard, or WestJet RBC World Elite Mastercard for Business may also have had additional data exposed.
This includes the type of credit card identifier (for example, “World Elite”) and details about any changes to their WestJet points balance. Again, full card numbers and payment credentials remain safe.
WestJet says it has taken several steps to protect customers going forward. These include:
- Providing free credit monitoring and identity theft protection services for affected customers
- Offering guidance on how to spot and report suspicious activity
- Enhancing network security with additional monitoring and encryption
- Conducting ongoing audits to ensure that no further unauthorized access can occur
Customers who receive a notification letter from WestJet will find instructions on how to enroll in complimentary monitoring services.
Even though financial data was not compromised, WestJet encourages all customers to remain vigilant. Customers should:
- Review credit and bank statements regularly for unusual charges
- Check loyalty account activity for unexpected point deductions
- Change passwords on any other accounts where the same login details are used
WestJet emphasizes that protecting passenger information is its highest priority. The airline apologizes for any inconvenience and is committed to keeping its systems secure and customers informed.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
