Canadian carrier WestJet said on Monday the personal information of some passengers was exposed in a cybersecurity breach earlier this year, though no payment data was compromised.
The airline said it detected suspicious activity on June 13 and later determined that a “sophisticated, criminal third party” had gained unauthorized access to its systems.
The aviation industry’s growing dependence on complex digital systems and vast stores of passenger data has made it an increasingly attractive target for cybercriminals.
Earlier this month, a ransomware attack on Collins Aerospace, a unit of RTX, disrupted operations across major European airports, crippling check-in and baggage systems at popular hubs such as London’s Heathrow and Berlin.
WestJet said the type of data exposed in the breach varied but could include names, contact details, travel information and documents tied to reservations.
However, no credit card and debit card numbers, expiration dates and CVV numbers were obtained during the breach.
In a notice to U.S. residents on Monday, the carrier said it had worked closely with law enforcement agencies, including the Federal Bureau of Investigation and the Canadian Centre for Cyber Security.
It also notified relevant authorities, including the attorneys general of U.S. states where residents were affected.
