WestJet Confirms Cybersecurity Incident

WestJet has confirmed that a recent cybersecurity incident exposed personal information belonging to some of its customers, though no payment card details or account passwords were compromised. The airline says the breach, discovered on June 13, 2025, involved “a sophisticated criminal third party” temporarily accessing certain systems containing customer data. The incident has since been resolved, and WestJet emphasizes that flight operations and safety were never affected.

According to the company, the information accessed may include names, dates of birth, contact details, travel booking history, and in some cases, passport or government ID details. WestJet Rewards members may also have had their membership numbers and points balances accessed, though the airline believes reward points are not at risk. Credit card numbers, expiry dates, CVV codes, and login passwords were not involved in the breach.

To support affected customers, WestJet is offering 24 months of free credit monitoring, identity theft protection, and dark web monitoring through TransUnion Canada. The airline has notified privacy regulators and law enforcement, and says it has strengthened its cybersecurity measures to prevent similar incidents. Customers are being urged to remain vigilant against phishing attempts, monitor their financial accounts, and redeem the provided activation code before November 30, 2025, to enroll in the free protection services.