OTTAWA – The office of Canada’s privacy commissioner says it has opened an investigation into a cyberattack on WestJet which saw a “malicious actor” gain access to the airline’s systems.
The airline said in a statement last month that a “sophisticated, criminal” third party was able to gain access to some personal and travel-related data during the June cybersecurity incident.
WestJet said it had identified and would contact people who were affected by the breach.
The airline said the safety of its airline operations was never threatened. It also said that, due to internal precautionary measures, no credit card or debit card numbers and no guest user passwords were obtained.
A statement from the office of Privacy Commissioner of Canada Philippe Dufresne said the investigation will look into the security safeguards WestJet had in place at the time of the breach and the adequacy of its notifications to affected individuals to determine the airline’s compliance with privacy law.
It said the office is engaging with WestJet to ensure that it’s taking appropriate steps to respond to the incident.
The statement said the immediate focus is to ensure that the company is “effectively” addressing the breach and protecting its customers’ personal information.
This report by The Canadian Press was first published Aug. 5, 2025.
