This story was updated with new information on the number of customers impacted.
Canadian airline WestJet is informing customers that the cyberattack disclosed in June compromised the personal information of 1.2 million customers, including passports and ID documents.
WestJet is a major airline in North America, operating a fleet of 153 aircraft and serving 104 destinations, which carry over 25 million travelers annually.
On June 13, the company disclosed a cybersecurity incident that disrupted internal systems and made the WestJet app unavailable to customers.
Around that time, threat actors associated with Scattered Spider were focusing their attacks on organizations in the aviation industry. However, there is no official attribution for the hackers behind the WestJet breach.
Soon after the attack, BleepingComputer learned that the threat actors breached WestJet by using social engineering to reset an employee's password and gain access to the network through Citrix.
This allowed the attackers to compromise the Windows networks and the company's Microsoft cloud network.
The WestJet data breach
In the days following the disclosure, WestJet published multiple updates, assuring customers that all appropriate measures to protect their data were being implemented. However, the communications did not specify whether the hackers had managed to access any sensitive information.
In a data breach notification sent to customers and shared with authorities in the U.S., the company has confirmed the impact after completing an investigation on September 15.
... continue reading