WestJet and the Cyberattack
Canadian airline WestJet announced to its customers that the cyberattack disclosed in June compromised sensitive information, including passports and ID documents.
WestJet, a major airline in North America, operates a fleet of 153 aircraft and services 104 destinations, carrying more than 25 million travelers every year.
On June 13, the company revealed a cybersecurity incident that disrupted certain internal systems and made the WestJet app unavailable to customers.
Around that time, the Scattered Spider threat group targeted organizations in the aviation industry. However, investigators have not officially attributed the WestJet breach to this group.
In the days following the disclosure, WestJet published multiple updates to assure customers that it had implemented all appropriate measures to protect their data. Yet, the company did not clarify whether hackers managed to access sensitive information.
The airline shared its customer notification with U.S. authorities and confirmed the impact based on the results of an investigation completed on September 15.
According to the findings, attackers accessed the following types of data, varying by individual:
- Full name
- Date of birth
- Mailing address
- Travel documents, such as passport or government ID
- Requested accommodations
- Filed complaints
- WestJet Rewards Member ID, points, and other information
- WestJet RBC Mastercard, WestJet RBC World Elite Mastercard, or WestJet RBC World Elite Mastercard information
WestJet emphasized that hackers did not compromise credit card or debit card numbers, expiry dates, CVV numbers, or user passwords.
The airline urged recipients of the notification to inform other individuals who may have flown under the same booking number, since their data might also have been exposed.
What now?
WestJet explained that it still works to determine the full scope of the incident. For now, the airline circulated this initial notice only to those confirmed as impacted, although the complete impact may be broader.
“We continue to work alongside our technical experts to determine the full extent of the incident,” reads the letter.
“While investigations of this nature are complicated and take time to complete, we have worked as quickly as possible to review the data we understand to be involved and to ascertain whether any of your personal information has been involved.”
The company also confirmed that the FBI participates in the investigation and noted that it has taken all appropriate measures to prevent similar incidents in the future.
The notices also include instructions on how to enroll in a free two-year identity theft protection and monitoring service, which customers must redeem by November 30.
Source: BleepingComputer, Bill Toulas
Read more at Impreza News
