WestJet Data Breach: Over 5 Million Affected, Security Measures Enhanced

WestJet Data Breach: Over 5 Million Affected, Security Measures Enhanced

First seen 15 Jul 2026, 01:41 UTC www.law360.comPriv.Gc.CaMlex 89% similarity 64.5

Article Content

Browse articles
ThreatCluster

WestJet experienced a significant data breach in 2025, affecting over five million customers and employees. An unauthorized third party exploited social engineering tactics to bypass multi-factor authentication and accessed an employee's account with administrative privileges. This breach allowed the attacker to control WestJet's virtual servers and exfiltrate sensitive data, including names, birth dates, email addresses, and passport information. In response, WestJet has committed to improving its security measures, including engaging an external security firm to assess its enhanced protocols. The Office of the Privacy Commissioner of Canada is overseeing the investigation and will remain open until WestJet fulfills its commitments. The breach highlights ongoing vulnerabilities in cybersecurity practices, particularly regarding identity and access controls.

Key Points: • Over five million WestJet customers and employees were affected by a data breach. • The breach was executed through social engineering tactics that bypassed multi-factor authentication. • WestJet has committed to enhancing security measures and engaging an external firm for assessment.

ThreatCluster AI

Timeline

2025-01-01
Data breach discovered
WestJet confirmed a data breach affecting over five million customers and employees due to unauthorized access.
Priv.Gc.Ca
2025-01-05
Investigation initiated
The Office of the Privacy Commissioner of Canada initiated an investigation into WestJet's data breach.
Priv.Gc.Ca
2026-07-14
WestJet commits to security improvements
WestJet announced its commitment to enhance security measures and engage an external firm for assessment following the breach.
Priv.Gc.Ca

Community

Browse all →