This story was updated with new information about the number of affected customers.
The Canadian airline was informing the Westjet customers that the cyber attack in June compromised the personal information of 1.2 million customers, including passports and ID documents.
Westjet is a major airline in North America, operating a fleet of 153 aircraft and serving 104 destinations, taking over 25 million passengers annually.
On 13 June, the company revealed a cyber security incident that disrupted internal systems and made the Westjet app unavailable to customers.
Around that time, the threats associated with scattered spider were focusing on their attacks on organizations in the aviation industry. However, there is no official feature for hackers behind Westjet Brech.
Immediately after the attack, Bleepingcomputer came to know that the danger actors violated the vestige using social engineering to reset an employee’s password and get access to the network through Citrix.
This allowed the attackers to compromise with the Windows Network and the company’s Microsoft Cloud Network.
Westjet data breech
In the days after disclosure, Westjet Published many updatesAssuring customers that all appropriate measures were being implemented to protect their data. However, communication did not specify whether hackers have managed to reach any sensitive information.
One in Data breech notification Customers were sent and shared with officials in the US, the company confirmed the impact after completing an investigation on 15 September.
Westjet also confirmed the Main Attorney General’s office that the violation allowed the attackers to steal data for about 1.2 million customers.
According to the findings, the following data types are made aware of the attackers, per capita separate:
- Full name
- Date of birth
- Postal address
- Travel documents such as passport or government ID
- Requested accommodation
- Complaints filed
- Westjet Member ID, Marks and Other Information Awards
- Westjet RBC MasterCard, Westjet RBC World Elite MasterCard, or Westjet RBC World Elite MasterCard information.
Westjet specified that no credit card or debit card number, expiry dates, CVV number, or user passwords were compromised.
The airline said that the recipients of the notification should inform other persons who can fly under the same booking number, as their information may also be revealed.
The Westjet states that it is still determining the full scope of the incident, so this initial notice is being confirmed to be affected. However, this cannot represent the full impact of the agreement.
“We continue to work with our technical experts to determine the entire limit of the event,” reads the letter.
“While the investigation of this nature is complex and it takes time to complete, we have worked quickly to review the data that we understand to join and to find out if you include any personal information.”
The company also said that the FBI is involved in the investigation and it has taken all the appropriate measures to prevent the same future incidents.
Notices also attach the instructions to enroll a free 2-year identity in theft protection and monitoring service, redeemed by 30 November.
attend Violation and attack simulation summit And experience Future of security verificationListen to top experts and see how AI-managed base Breach is changing and attacking simulation.
Do not remember the event that will shape the future of your safety strategy
