WestJet Data Breach Affects Customer Info

WestJet, a major Canadian airline, experienced a massive data breach. On June 13, 2025, the airline detected suspicious activity within its internal network. An investigation was launched and determined that an unauthorized actor gained access and obtained sensitive data from the WestJet network.

A review was completed on Sept. 15, 2025 and revealed that customer data was compromised in the cyberattack. Exposed information included names, dates of birth, mailing addresses, travel document information, such as passport number or other government-issued ID, accommodations requested, complaints filed, WestJet Rewards ID numbers, points balances, credit card identifier type, such as “World Elite”, and information about changes to WestJet points balance.

WestJet began notifying impacted U.S. residents by mail on Sept. 29, 2025. The airline also published a Notice of Cybersecurity Incident for US Residents on its website.

The data breach was also disclosed to the New Hampshire Attorney General's office on Sept. 29, 2025 and the Vermont Attorney General on Sept. 30, 2025. Impacted WestJet customers includes 289 New Hampshire residents.

WestJet's response

WestJet immediately secured its systems, increased monitoring and engaged with both Unites States and Canadian law enforcement agencies. In addition to required state and federal disclosures, WestJet is offering impacted customers 24 months of TransUnion credit monitoring and identity theft protection services.

If you receive a notice from WestJet about this breach, you may want to:

• Sign up for the free credit monitoring and identity theft protection services, offered by the airline.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the airline, visit the WestJet official website.