WestJet recently revealed a significant cybersecurity breach that affects its United States customers, stemming from an incident in June 2025. Unauthorized access to its internal systems has resulted in the extraction of certain customer data, raising concerns among travelers.
Details of the Cybersecurity Incident
The airline has confirmed that while no financial card details or account passwords were compromised, sensitive personal information—including names, contact information, travel document data, and reservation histories—may have been exposed to malicious actors. WestJet took swift action, detecting and containing the sophisticated attack without any disruption to flight operations.
On September 29, the airline notified US passengers about the breach, detailing the forensic review conducted by internal and external cybersecurity experts. The review confirmed that secure payment and password information remained intact; however, some customers may have experienced exposure of sensitive data linked to recent travel, including passport details and WestJet Rewards account information.
Company Response and Collaboration
In response to the breach, WestJet has implemented comprehensive containment measures and strengthened its security protocols. The airline is cooperating with law enforcement agencies in Canada and the U.S. and has informed relevant regulatory bodies, including Transport Canada and the Office of the Privacy Commissioner of Canada. Additionally, U.S. credit bureaus such as TransUnion and Equifax have been notified.
Support for Affected Customers
WestJet is reaching out directly to those impacted by the breach, offering them two years of complimentary identity theft protection, including credit monitoring and fraud support through Cyberscout under TransUnion. The airline’s remediation package also offers up to $1 million in reimbursement insurance for fraud-related expenses.
Customers receiving notifications are encouraged to carefully review the details and sign up for the available support services. To mitigate risks associated with identity fraud, WestJet advises a heightened awareness of potential phishing attempts, as the exposure of travel document data cannot be reset like a password.
Action Steps for Non-Contacted Customers
If you have not been contacted by WestJet but suspect your data might be involved, you can reach out to WestJet through the following channels: call 1-888-937-8538 or email wjresponseteam@westjet.com.
The airline emphasizes the importance of remaining vigilant against identity theft and fraud. Customers should monitor their account statements and utilize free credit reports to check for any suspicious activity. For additional guidelines on protecting against identity theft, the Federal Trade Commission provides comprehensive resources.
