Canadian carrier WestJet Airlines confirmed it is investigating a “cyber-security incident” that disrupted access to the airline’s website, mobile app and several internal systems late last week. In an advisory posted to its site, WestJet said specialized response teams are working “in cooperation with law-enforcement and Transport Canada” to contain the breach and assess the scope of exposure westjet.com.
Although flight operations and safety systems remain unaffected, travellers have reported intermittent trouble checking in, managing bookings and redeeming reward points via the carrier’s digital channels. WestJet warned customers to “expect interruptions” while the recovery effort continues theregister.com.
| Date | Key development |
|---|---|
| Thu 13 Jun | WestJet detects unusual activity in internal network; restricts access to certain apps. |
| Fri 14 Jun | Public advisory published; RCMP cyber unit notified reuters.com. |
| Mon 16 Jun | Customers begin experiencing outages across website and iOS/Android apps; booking agents urged to process tickets manually securityweek.com. |
| Wed 18 Jun | Airline says operations are running safely but “full functionality” of digital services may take days to restore. |
WestJet has not disclosed whether attackers accessed passenger records. However, airlines typically store:
PII – names, contact details, passport numbers
Payment data – partially-tokenised credit-card info
Travel history & loyalty profiles
Cyber-security analyst David Shipley notes that frequent-flyer accounts are “particularly lucrative for criminals, who resell reward points on the dark web or use them for money-laundering flights.” (Interview with PulseDaily, 18 Jun.)
Airlines have become prime targets: recent attacks hit Japan Airlines, Delta (2024 outage) and Seattle-Tacoma International Airport wsj.com. Canada’s critical-infrastructure operators have also been hammered this year; utility firm Nova Scotia Power disclosed unauthorised network access in April reuters.com.
Huge data troves – passports, payment cards, travel preferences.
Legacy tech – decades-old reservation systems tied to modern web layers.
Tight uptime requirements – even brief outages ripple through global schedules, giving attackers leverage.
Monitor loyalty accounts for unexpected point redemptions.
Change WestJet passwords (and any reused elsewhere).
Enable two-factor authentication where offered.
Watch statements for unusual card charges linked to recent bookings.
WestJet says it will issue email updates every 12 hours and contact affected customers directly if any personal data is confirmed compromised westjet.com.
Cyber-forensics teams are still determining the attack vector—early speculation ranges from a phishing entry point to a supply-chain compromise involving a third-party IT provider. Meanwhile, regulators at Transport Canada and the Office of the Privacy Commissioner are monitoring the investigation.
For now, travellers should build in extra buffer time at the airport and complete any check-in steps through WestJet agents rather than the app. PulseDaily will continue to follow developments.
Health
19.06.2025
Health
19.06.2025
Business
19.06.2025
Leave a Comments