WestJet has reported that personal data, including details about travel documents like passports, was taken in a cyber breach earlier this year. However, credit card numbers, debit card numbers, and user passwords were not compromised. The stolen personal information may vary from individual to individual but could include name, date of birth, email address, mailing address, phone number, gender, and recent travel booking history, such as travel booking numbers.
The airline reassured customers that the safety and integrity of their operations were not at risk during the breach. The stolen data may also contain information on passengers’ travel documents used with WestJet, like passports or other government-issued identification documents, as well as details such as WestJet Rewards ID numbers, points balances, and other membership information. WestJet stated that there is no indication that customers’ points are at risk.
WestJet cautioned that the stolen information could be misused for identity theft or fraud. In response, the airline is providing affected customers with identity theft and credit monitoring services at no cost for 24 months in partnership with TransUnion Canada. Additionally, customers will receive up to $1,000,000 in expense reimbursement insurance in case of fraud.
To safeguard against potential risks, individuals are advised to verify the authenticity of any communications they receive, especially after the exposure of private data. WestJet has shared further details on protecting oneself on their website.
The airline detected suspicious activity on its systems on June 13 and confirmed that criminals had briefly accessed some systems. WestJet has resolved the incident and informed the office of Canada’s privacy commissioner, who has initiated an investigation. WestJet has also involved law enforcement in response to the cyber breach.