“Containment is complete”: WestJet posts update on cybersecurity incident

WestJet has provided an update to the IT cybersecurity incident it experienced last month, revealing that “containment is complete.”

In a July 18 posting to its website, the airline addressed the “suspicious activity” it first identified in its systems on June 13. In a news release at the time, the carrier said several people trying to access its services were facing "restricted access." 

“We immediately investigated and determined that these were the actions of a sophisticated, criminal third party, who gained unauthorized access to our systems,” wrote the airline, which took “immediate action” to contain the breach and secure its systems.

WestJet says that “at no point was the safety and integrity of our airline operations in question.”  

Data illegally obtained

The airline performed a technical and forensic investigation to identify the nature and scope of the event and confirms that “certain data was illegally obtained from WestJet’s systems.”

“Thanks to our internal precautionary measures, no credit card or debit card numbers and no guest user passwords were obtained,” the airline wrote.

What was obtained was personal and travel-related data, “which varies from person to person.”

“In line with regulatory requirements, WestJet has identified those individuals, who we will contact in the coming days to provide information and support regarding this incident,” said WestJet, which has posted additional information here.

After cooperating with law enforcement, Canadian Centre for Cyber Security, and relevant authorities, including Transport Canada, the Office of the Privacy Commissioner of Canada and its provincial and international counterparts, containment of issue is now complete.

“Some additional system and data security measures have been implemented,” WestJet wrote. “However, analysis is ongoing, and we will continue to take measures to further enhance our cybersecurity protocols.”

The airline added that it “sincerely regret this situation,” noting that it remains grateful for the support and patience of the thousands of guests and “WestJetters who place their trust in us.”

Work of a cybercriminal group?

The update comes as a known cybercriminal group turns its focus to aviation, successfully infiltrating the computer systems of several airlines in the U.S. and Canada last month, according to the FBI. 

While the breaches haven’t compromised flight safety, they have put top cybersecurity leaders at airlines on high alert.

As previously reported, these attacks are believed to be the work of “Scattered Spider,” a group of young hackers known for tactics aimed at extorting or humiliating their targets.

The hackers target big companies and their IT contractors, “which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the FBI said in a statement that named Scattered Spider as the perpetrator of the airline hacks.

“Once inside (a victim’s network), Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.”

The FBI said it “is actively working with aviation and industry partners to address this activity and assist victims.”

Don't miss a single travel story: subscribe to PAX today!  Click here to follow PAX on Facebook.