Canada’s privacy watchdog has launched an investigation into a cybersecurity breach at WestJet.
“Privacy Commissioner of Canada Philippe Dufresne has opened an investigation into a breach at WestJet following a cybersecurity incident involving a malicious actor who was able to gain access to the airline’s systems,” the Office of the Privacy Commissioner of Canada said in a statement Tuesday.
The probe was launched after the Calgary-based airline publicly confirmed in June that a hacker had infiltrated its systems and obtained certain personal and travel-related information.
“The investigation will examine the security safeguards that WestJet had in place at the time of the breach as well as the adequacy of its notifications to affected individuals,” the OPC statement said, adding it’s engaging directly with WestJet and focusing on “breach containment, notification of those affected and measures to reduce risks.”
In an email to CTVNews.ca, the OPC said it “is not in a position to provide further details at this time,” because “the matter involves an active investigation.”
“WestJet fully supports the Office of the Privacy Commissioner of Canada’s investigation,” the airline said in an email to CTVNews.ca. “We understand the importance of protecting the personal information of Canadians and encourage vigilance around cyber fraud.”
The breach, first made public on June 13, involved a “sophisticated, criminal third party,” according to a company update posted online on July 18.
“We are prepared for incidents of this nature and followed our response planning by taking immediate action to contain the incident and secure our systems,” the company said.
“As a result, at no point was the safety and integrity of our airline operations in question.”
The airline said no credit or debit card numbers and no user passwords were obtained, though some personal and travel-related data was accessed.
The company has not confirmed whether the breach involved malware, ransomware or another method of attack.
The breach occurred just days before foreign leaders arrived in Alberta for the G7 summit in Kananaskis. No link has been established between the event and the cyberattack.
“We sincerely regret this situation, and we remain grateful for the support and patience of the thousands of guests and WestJetters who place their trust in us,” the airline said.
