WestJet, one of Canada’s largest airlines, is grappling with a cybersecurity incident that has disrupted access to its website and mobile application since June 13.
The breach has triggered intermittent outages across digital platforms, prompting the airline to activate specialized response teams in collaboration with law enforcement and Transport Canada.
While flight operations remain unaffected, the company warns guests and employees to exercise heightened caution regarding personal data security.
The cyberattack first came to light on June 13 when WestJet confirmed unauthorized access to internal systems had restricted user access to its app and backend software.
Initial statements emphasized the airline’s priority to “safeguard sensitive data and personal information” while minimizing operational disruptions.
By June 14, the company acknowledged the incident’s complexity, noting ongoing efforts to “understand the extent of impact” through forensic analysis.
Technical teams worked through the weekend to isolate affected systems, with partial service restoration achieved by June 15.
However, guests continue to experience sporadic errors when accessing booking management tools or flight status updates through digital channels.
A WestJet spokesperson confirmed that no flight safety systems were compromised, stating, “Our operations remain safe and stable, with all aircraft departing as scheduled”.
The breach highlights growing vulnerabilities in aviation IT infrastructure, which has seen a 56% increase in cyberattacks globally since 2022 according to International Air Transport Association benchmarks.
WestJet Airlines Struck by Cyberattack
WestJet’s incident response protocol activated immediately upon detection, engaging Canadian cybersecurity authorities and the Royal Canadian Mounted Police (RCMP).
Transport Canada is overseeing the investigation under the Aeronautics Act, which mandates strict reporting of aviation-sector breaches.
The airline has not disclosed whether ransomware or data exfiltration occurred but confirmed “active cooperation” with regulatory bodies to mitigate risks.
Cybersecurity experts from third-party firms joined WestJet’s internal IT teams to implement containment measures, including network segmentation and enhanced monitoring.
“We’re rebuilding critical systems with additional security layers while preserving evidence for forensic analysis,” a technical lead stated anonymously.
The company faces mounting pressure to clarify the attack’s origin, with industry analysts speculating potential links to advanced persistent threat (APT) groups targeting transportation networks.
Passenger data security remains a critical concern. Although WestJet has not confirmed any data theft, it advised guests to monitor financial accounts and enable two-factor authentication on travel profiles.
The Office of the Privacy Commissioner of Canada confirmed it is “assessing the situation” under federal privacy laws.
Customer Frustration
According to Report, WestJet maintained 98% of scheduled flights across its 700-daily-operation network.
Counter agents at major hubs like Toronto Pearson and Calgary International airports implemented manual check-in procedures to avoid service lapses.
“We’ve trained for these scenarios,” said a Calgary-based gate agent. “Boarding passes are being issued manually, and flight updates are communicated via email when possible”.
Customer frustration nonetheless mounted as website outages persisted through June 15. Social media platforms saw over 2,300 complaints about booking modifications and refund processing delays.
The airline’s communications team emphasized transparency, providing twice-daily updates through its cybersecurity incident portal.
Industry observers note the attack’s timing during peak summer travel exacerbates challenges. “Airlines can’t afford downtime during high-demand periods,” said McGill University aviation researcher Dr. Elena Torres.
“WestJet’s ability to keep planes flying shows resilience, but long-term reputation damage depends on how they handle data protection concerns”.
As containment efforts continue, WestJet plans phased restoration of digital services with reinforced encryption protocols. The incident underscores aviation’s vulnerability to cyber threats, prompting calls for sector-wide security upgrades.
Transport Canada is expected to release new cybersecurity guidelines for airlines by Q3 2025, building on the National Cyber Security Strategy’s critical infrastructure provisions.
For now, WestJet passengers are advised to allow extra time for airport procedures and monitor official channels for updates.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
