In mid‑June 2025, WestJet detected suspicious activity on its internal systems and confirmed that attackers accessed data tied to recent bookings. The exposed information varies by individual, WestJet is offering affected passengers two years of free identity‑theft and credit‑monitoring services. Learn more below.
What data was affected?
The exposed information varies by individual. WestJet released that Loyalty Members, regularbookings passengers and WestJet RBC Mastercard all were affected.
- Names
- Dates of birth
- Contact details
- Gender
- Passport and travel document details
- Reservation numbers
WestJet credit card holders had more information leaked about them, potentially including credit card identifier types (like "World Elite") and information about your WestJet points.
Credit card numbers, expiration date, CVV and passwords are not affected.
How did the hackers get access to WestJet's platform?
WestJet has not released any details on how hackers gained access, all that was mentioned was "Suspicious activity was detected on WestJet’s internal systems". What this does tell us, is that hackers were able to penetrate internal software used by WestJet employees. This was likely done by sophisticated criminal third party and whilst the airline hasn’t released details, most breaches like this often come down to common vulnerabilities, and we speculate via one of these avenues:
- Phishing emails that trick employees into sharing login credentials.
- Weak or reused passwords that attackers can crack or buy on the dark web.
- Unpatched software where outdated systems leave doors open.
- Third-party access risks, where attackers exploit a vendor or partner with weaker security.
Even without confirmation, the pattern is clear, attackers only need one weak spot to get in.
🥭 Mango Moment:
At the crux of mangoHR we believe that your first line of defence is human prevention. Incidents like this show how quickly personal data can be exposed and misused. If you're a business, that means training your employees to handle sensitive information securely. Our privacy and cybersecurity training gives teams region-specific lessons, real-world examples, and clear steps to prevent breaches, whether you’re in aviation, finance, or healthcare.
What this means for you
If you were affected by this data breach, WestJet is offering two years of free identity‑theft and credit‑monitoring services through TransUnion Canada, plus identity restoration assistance and fraud expense insurance up to $1 Million (CAD).
To access this, you should have received an email from WestJet with a link to TransUnion and a specific code that you can apply to get free access.
