WestJet, Canada’s second-largest airline, announced a cyberattack earlier this year resulted in the theft of personal information belonging to 1.2 million passengers. The carrier disclosed the total number of affected individuals in a filing with Maine’s attorney general.
The filing confirmed that 240 Maine residents were among those impacted. According to the notice, the compromised data includes passenger names, dates of birth, postal addresses, and travel documents such as passports and government-issued identification. Information regarding passenger accommodations, including specific requests and complaints, was also exposed. WestJet further indicated that customer rewards information, including points balances and other account-related details, may have been taken during the breach.
The airline first publicly disclosed a security incident in June after discovering its systems were breached. An investigation confirmed that unauthorized actors had gained access to its network and had stolen data. When reached by email for comment about the breach, WestJet spokesperson Jennifer Booth did not provide a response to inquiries from TechCrunch.
Media reports have linked the cyberattack to Scattered Spider, a financially motivated hacking group. The collective is reportedly composed of mostly English-speaking teenagers and young adults known for using social engineering tactics. Their method often involves calling corporate IT help desks and tricking employees into providing them with access to internal networks.
The incident follows warnings issued earlier this year by the FBI and cybersecurity firms stating that hackers were actively targeting the transportation and aviation industry. Australian airline Qantas was allegedly hacked by the same group, an attack that resulted in the theft of personal information from more than 6 million of its customers.