Cybersecurity incidents are a growing concern across industries. However, when they impact airlines the results can be severe. Airlines manage vital infrastructure and store large amounts of data. They also rely heavily upon interconnected digital systems.
In June 2025 WestJet Airlines confirmed to be one of Canada’s biggest carriers that they had suffered from a cyber-attack. WestJet stressed that flight operations had not been affected, but the incident has raised concerns over data leakage, passenger safety and the cybersecurity posture of the aviation industry.
This article explains the events, including how they unfolded and which systems and data have been affected. It also explains WestJet’s reaction and the lessons that businesses can take from this high profile case.
WestJet Cybersecurity Incident: What you need to know
The Incident was Discovered
WestJet discovered suspicious activities in its IT systems on June 13 2025. The airline’s security team immediately launched an investigation, and invited external experts to help resolve the problem.
The company confirmed the affected parts of its app for mobile, and internal system. It meant that customers had problems booking flights or obtaining travel information, but core flight operations and safety systems were not affected.
Initial Public Statements
WestJet has posted updates to its website.
- Investigations were underway into the incident.
- The authorities, including Transport Canada, and Office of the Privacy Commissioner of Canada had been informed.
- Flight operations are not compromised.
- Some digital services may be affected, but customers can still book and fly.
The transparency of the information provided not only helped to reduce the panic, but also confirmed that the situation was serious.
What Data was Affected
What data has been exposed?
Customer and Employee Data
WestJet has confirmed that certain personal information of passengers and employees were accessed in an illegal manner. The exposed data included the following:
- Full Names
- Dates and birth
- Phone numbers and email addresses
- Postal addresses
- Booking details for travel (such flight numbers and reservation codes).
- In some cases, information on passports and government-issued identification numbers
Cybercriminals are highly interested in this type of data for identity theft, travel fraud, and phishing scams.
Data that Was Not Compromised
The airline assured customers that their sensitive data was safe.
- Information about credit cards and debit cards
- Passwords
- WestJet Rewards points
The exposure of personal documents and identification still poses a long-term threat to the security of affected individuals.
Who was behind the attack?
While WestJet has not confirmed the hackers, several cybersecurity experts and news outlets have suggested that this breach may be related to the Scattered Spider Hacker Group.
The Scattered Spider Group
- The airline, telecom, and hospitality industries are the most commonly targeted sectors.
- Bypass authentication systems using social engineers and help desk impersonation.
- Previous attacks against MGM Resorts, and major airlines were linked.
- Often demands ransom in exchange for not releasing stolen data.
Many experts suspect Scattered Spider of involvement due to the similarity in tactics and timing of airline breaches.
WestJet Response
Containment & Investigation
WestJet immediately detected the intrusion.
- Isolate affected systems in order to prevent spread.
- Bring in external security specialists for forensic analysis.
- Coordinate with the law enforcement and the government regulators.
- Monitoring for evidence of stolen information appearing on the Dark Web.
Support for Affected Customers
WestJet offers:
- Free credit monitoring services
- Protection against identity theft for affected individuals
- For inquiries about the incident, you can contact us via email or by calling our hotline .
Communication Strategy
The airline issued regular updates acknowledging the extent of the breach, while assuring its customers that security and operational integrity were intact. The airline’s transparent approach helped to prevent misinformation, and reassure passengers during the peak travel season.
Impact on Employees and Passengers
Passenger Concerns
The biggest concern for customers is Identity theft. The risk of identity theft increases when passports and other government-issued IDs are exposed.
- Travel bookings made fraudulently
- Unauthorized document use
- Scams of social engineering
- Phishing emails posing as WestJet
Passengers are advised to stay vigilant, update account security and monitor suspicious activity.
Employee Risks
The breach also included employee data. The theft of employee data could lead to:
- Phishing targeted at company accounts
- Staff at the Help Desk are subjected to social engineering attacks
- Fraudulent claims for tax or benefits
The Aviation Industry as a Whole
WestJet’s breach is not an unusual one. Cybercriminals have targeted aviation as airlines store sensitive information.
- Many millions of customer identities
- Payment data
- Itineraries of travel linked to government systems
Other Airlines Affected by 2025
- Qantas reported a hacker breach in Australia.
- Hawaiian Airlines confirmed that a cyberattack was also responsible for disruptions.
The recent wave of attacks indicates that hackers are targeting airlines systematically, causing aviation cybersecurity to be a worldwide concern.
The WestJet Cybersecurity Incident: Key Learnings
1. Stronger Help Desk Security
Social engineering is still one of the most dangerous threats. Hackers impersonate IT or employee staff to trick the help desk into resetting passwords or bypassing authentication. Airlines must:
- Use Multi-layer Verification to verify internal access requests.
- Train your staff to recognize social-engineering tactics.
- Implement zero trust policies.
2. Data Minimization & Encryption
Storing large quantities of sensitive data increases attack surface. Airlines should:
- Reduce the collection of personal information.
- Secure sensitive documents such as passports while they are in transit and at rest.
- Audit the data stored regularly and for what purpose.
3. Rapid Incident Response Plans
WestJet’s quick response to the breach shows how important it is:
- Intrusion detection and 24/7 monitoring systems.
- Well documented incident response playbooks.
- To prepare your staff, you can conduct regular cyber drills.
4. Transparency based on customer needs
In the digital age, it is more damaging to your reputation to hide a breach than to disclose one. WestJet’s quick notification of regulators and its customers is a good example of good practice.
The Regulatory Side
Canadian Laws and Regulations
Companies in Canada that experience a data breach affecting the personal information of their customers must:
- Report to the Office of the Privacy Commissioner.
- Notify the affected persons as soon as you can.
- Keep a record of all data breaches to be reviewed by regulators.
If you do not comply, you may be fined and/or face legal action.
Global Aviation Security Standards
Airlines must adhere to international standards, such as the following:
- IATA Cybersecurity Framework
- ICAO Aviation Security Guidelines
- GDPR (for EU passengers)
The WestJet example highlights the importance to align with domestic and international requirements.
WestJet’s Long-Term Impact
Financial Costs
Cyber incidents can be costly. Costs include:
- Hire forensic investigators
- Credit monitoring is free
- The cost of potential lawsuits
- Loss of trust in the company’s reputation
Reputation Management
It is hard to rebuild trust, especially when it comes to industries such as aviation where customers are used to absolute safety. WestJet needs to continue its transparent communication, and show that it is investing in cybersecurity.
Strengthening security posture
WestJet will likely:
- Increase investments in cyber infrastructure.
- Adopt AI driven threat detection tools.
- Improve Identity and Access Management (IAM).
- Collaboration with government agencies to develop aviation cybersecurity initiatives.
The conclusion of the article is:
The WestJet cyber incident of 2025 highlights today’s growing risks for airlines. Although flight operations were unaffected, the exposure and misuse of customer and employee information is a serious issue with long-term implications.
The following are the key takeaways:
- Cyberattacks against airlines are becoming increasingly sophisticated and frequent.
- Theft of credit cards or sensitive data like passports or IDs is just as dangerous.
- In managing the fallout, it is important to have a strong communication plan, a quick response and transparency.
- To stay on top of the evolving threats, the aviation industry needs to adopt zero trust models, strengthened help desk protocols and proactive monitoring.
WestJet’s experience is a cautionary story that can be used by the airline industry as well as businesses around the world. In the digital age, protecting data is a mission-critical issue.
