WestJet confirms current breach uncovered prospects’ passports

Canadian airline WestJet is informing prospects that the cyberattack disclosed in June compromised their delicate data, together with passports and ID paperwork.

WestJet is a significant airline in North America that operates a fleet of 153 aircrafts and providers 104 locations, carrying over 25 million vacationers yearly.

On June 13, the corporate disclosed a cybersecurity incident that disrupted sure inside methods and made the WestJet app unavailable to prospects.

Round that point, the Scattered Spider risk group centered their assaults on organizations within the aviation business. Nonetheless, there isn’t a official attribution for the hackers behind the WestJet breach.

Within the days following the disclosure, WestJet printed a number of updates assuring prospects that each one acceptable measures to guard their knowledge have been being applied, however the communications didn’t specify if the hackers managed to entry any delicate data.

The notification to prospects was shared with authorities within the U.S. and confirms the influence, primarily based on the outcomes of the investigation that the corporate accomplished on September 15.

In line with the findings, the next knowledge varieties have been uncovered to the attackers, various per particular person: 

• Full identify
• Date of delivery
• Mailing handle
• Journey paperwork, akin to passport or authorities ID
• Requested lodging
• Filed complaints
• WestJet Rewards Member ID, factors, and different data
• WestJet RBC Mastercard, WestJet RBC World Elite Mastercard, or WestJet RBC World Elite Mastercard data.

WestJet specified that no bank card or debit card numbers, expiry dates, CVV numbers, or person passwords have been compromised.

The airline famous that recipients of the notification ought to inform different people who could have flown underneath the identical reserving quantity as them, as their data may need been uncovered too.

WestJet states that it’s nonetheless attempting to find out the total scope of the incident, so this preliminary discover is being circulated to these confirmed to be impacted. Nonetheless, it could not characterize the whole influence of the compromise.

“We proceed to work alongside our technical specialists to find out the total extent of the incident,” reads the letter.

“Whereas investigations of this nature are sophisticated and take time to finish, we now have labored as rapidly as doable to overview the information we perceive to be concerned and to determine whether or not any of your private data has been concerned.”

The corporate additionally acknowledged that the FBI is concerned within the investigations and that it has taken all the suitable measures to forestall related incidents from occurring sooner or later.

The notices additionally enclose directions on the best way to enroll in a free 2-year id theft safety and monitoring service, redeemable by November 30.

BleepingComputer has reached out to WestJet to inquire in regards to the variety of prospects affected, and we’ll replace this submit with their response.