Mlex
WestJet Data Breach: Over 5 Million Affected, Security Measures Enhanced
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
WestJet experienced a significant data breach in 2025, affecting over five million customers and employees. An unauthorized third party exploited social engineering tactics to bypass multi-factor authentication and accessed an employee's account with administrative privileges. This breach allowed the attacker to control WestJet's virtual servers and exfiltrate sensitive data, including names, birth dates, email addresses, and passport information. In response, WestJet has committed to improving its security measures, including engaging an external security firm to assess its enhanced protocols. The Office of the Privacy Commissioner of Canada is overseeing the investigation and will remain open until WestJet fulfills its commitments. The breach highlights ongoing vulnerabilities in cybersecurity practices, particularly regarding identity and access controls.
Key Points: • Over five million WestJet customers and employees were affected by a data breach. • The breach was executed through social engineering tactics that bypassed multi-factor authentication. • WestJet has committed to enhancing security measures and engaging an external firm for assessment.