WestJet is informing travellers that some WestJet Rewards member profile data has been disclosed online by an unauthorized third party.
None of the data contained credit card or banking information, WestJet said, adding that affected customers were contacted by email either on the evening of July 28 or July 29. The number of customers affected by the data breach is still under investigation, WestJet said.
According to WestJet, the airline has taken immediate steps to secure affected systems and has been working closely with the Calgary Police Service and the RCMP cybercrime unit in its investigation. The Office of the Information and Privacy Commissioner of Alberta and the federal Privacy Commissioner has been informed.
"The privacy and protection of our guests' information is a matter we take very seriously and we have worked swiftly and aggressively to resolve this incident," said Craig Maccubbin, WestJet Executive Vice-President and Chief Information Officer. "WestJet is in the process of contacting affected guests and we deeply regret any inconvenience this may cause."
In a statement to PAX, WestJet spokesperson Lauren Stewart said that the airline’s immediate action on the matter included included “forcing a password reset on potentially affected WestJet Rewards members’ accounts, adding CAPTCHA to our login and members pages and contacting all affected and potentially affected guests.”
WestJet Rewards members are being encouraged to update their passwords on a regular basis, as well as to use different passwords for all online security applications.