WestJet says some passengers' personal info stolen in June security breach

WestJet says some passengers' personal information was obtained in a cyberattack in June, however it believes the breach did not involve "sensitive" data in most cases.

The airline issued a notice to U.S. residents on Monday related to its ongoing probe into the June 13 incident, which it said was carried out by a "sophisticated, criminal third party."

It said its internal precautionary measures prevented attackers from gaining customers' credit card and debit card numbers, expiry dates and CVV numbers, and that no user passwords were stolen.

However, some passengers' personal information was exposed, such as their name, contact details, information and documents provided in connection with their reservation and travel, along with data regarding their relationship with WestJet.

"Containment is complete, and some additional system and data security measures have been implemented," it said in a news release.

"However, analysis is ongoing, and WestJet will continue to take measures to further enhance its cybersecurity protocols."

The airline said it would contact affected customers to provide support and has posted guidance on its website.

WestJet has also retained Cyberscout to provide affected customers with fraud assistance and remediation services.

It said it is co-operating with law enforcement, including the U.S. Federal Bureau of Investigation and the Canadian Centre for Cyber Security.

WestJet said it has notified other relevant authorities, such as U.S. credit reporting agencies TransUnion, Experian, and Equifax, attorneys general of various U.S. states, Transport Canada, the Office of the Privacy Commissioner of Canada and its provincial and international counterparts.