Cyber Incident Victim: WestJet

On July 28, 2017, WestJet publicly disclosed a privacy breach affecting its WestJet Rewards members. The Calgary-based airline stated that an unauthorized third party had disclosed profile data belonging to some rewards program members online. The company confirmed the breach in a late Friday statement, clarifying that no credit card or banking information was compromised in the incident. WestJet immediately engaged law enforcement authorities, including the Calgary Police Service and the RCMP Cybercrime Unit, to investigate the unauthorized disclosure. The airline also notified both the Office of the Information and Privacy Commissioner of Alberta and the federal Privacy Commissioner of Canada about the breach. While WestJet confirmed taking "immediate steps to secure affected systems," it did not specify which systems were compromised or the technical nature of the security failure. The company withheld details about both the specific types of profile data exposed and the exact number of rewards members impacted by the breach.

WestJet initiated direct communication with affected guests following the discovery of the breach, though the timeline for these notifications wasn't specified. Craig Maccubbin, WestJet's Executive Vice-President and Chief Information Officer, emphasized the company's serious approach to data protection and described their response as swift and aggressive. The airline expressed regret for any inconvenience caused to customers but did not outline specific remedial measures being offered to affected individuals. No information was provided regarding how the breach was discovered, whether the disclosed data remained publicly accessible at the time of disclosure, or if the unauthorized party made any demands. The incident represented a confirmed compromise of customer profile information within WestJet's loyalty program systems, though the full scope and operational impacts remained undisclosed by the airline.