Latest Airline Security Breach Leaks Passports, IDs, Other Info

It is always bad when we are assigned by security violations. It is even worse when our sensitive information is exposed accordingly. This is exactly what happens to a number of Westjet users. Yikes.

The Canadian airline Westjet officially confirmed that a cyber attack for the first time in June led to the violation of sensitive personal information belonging to its customers. According to notifications sent to affected persons, compromised data include complete names, birth dates and, in some cases, details of passport and government identification. Not good. Confirmation comes three months after the initial incident, following an internal investigation which ended on September 15.

The security violation was announced for the first time by the airline based in Calgary on June 13, when it reported a cybersecurity incident which caused interruptions to some of its internal systems and rendered the WestJo mobile application temporarily unavailable. At the time, the company did not specify the extent of the data compromise, assuring customers that measures were taken to protect their information. The author of the attack was not officially appointed, but the incident occurred during a period when the hacking group known as the “scattered spider” would have targeted organizations in the aviation sector. It would therefore not be weird for you to connect the points.

The survey has now revealed that the attackers have accessed a wide range of customer data. The specific information exposed vary according to individuals but may include complete names, birth dates, postal addresses, travel documents such as passports or other identifiers issued by the government, and details on the requested adaptations or complaints filed. For members of the airline loyalty program, Westjet Rewards IDS, points sales and related information may have been exposed. In addition, information connected to Westjet RBC Mastercards were also part of the violation.

However, the airline said that more critical financial data has not been compromised. Depending on the notice, the violation did not include credit or debit card numbers, expiration dates, CVV security codes or user passwords for WestJet accounts.

In its communication with customers, Westjet advises that the survey to determine the complete scope of the incident is still underway. Current opinions are sent to people who have been confirmed as affected, but the company recognizes that this may not represent the full list of affected travelers. The airline also urged the main beneficiaries of these notifications to inform any other person who may have traveled under the same reservation reference, because their personal information could also have been compromised in the attack.

Although it is a Canadian airline, it has a lot of implications for us because they have a lot of flights inside and outside the United States. The Federal Bureau of Investigation (FBI) is involved in the current survey. The company also assured customers that it had implemented measures to prevent similar incidents from performing in the future. As a precautionary measure, Westjet offers affected customers a free two -year subscription to an identity flight protection and monitoring service, which must be bought by November 30. It’s probably too late now.

Source: Bleeping Computer