WestJet notifies U.S. travellers of June data breach, personal data compromised

WestJet has notified U.S. residents of a cybersecurity incident that may have exposed certain personal information.

The airline detected suspicious activity on its systems on June 13, 2025, and confirmed it was the work of a sophisticated criminal third party, according to a press release.

WestJet says its operations were never at risk, and immediate measures were taken to contain the breach and secure its systems.

A forensic investigation revealed that some data was accessed, although no credit or debit card details, CVV numbers, or guest user passwords were compromised.

The affected information varies by individual and may include names, contact details, reservation-related documents, and data regarding customers’ relationships with WestJet.

WestJet said it has contacted impacted individuals where possible and is offering support through fraud assistance and identity protection services provided by Cyberscout, a TransUnion company. U.S. residents who have not been contacted can reach WestJet at 1-888-937-8538 or wjresponseteam@westjet.com.

The airline said it has cooperated with law enforcement, including the FBI and the Canadian Centre for Cyber Security, and notified relevant regulatory authorities and credit reporting agencies.

WestJet also said it has completed containment and strengthened cybersecurity measures, though analysis is ongoing.

Affected individuals are advised to monitor account statements and credit reports for suspicious activity and follow guidance from the Federal Trade Commission to prevent identity theft.

Don't miss a single travel story: subscribe to PAX today!  Click here to follow PAX on Facebook