Overview
- A filing with Maine’s attorney general pegs the exposure at roughly 1.2 million passengers, including 240 residents of Maine.
- Exposed data varies by person and can include names, dates of birth, mailing addresses, travel documents such as passports or government IDs, and reservation-related details, while payment card data and passwords were not taken.
- WestJet says the June 13 intrusion impacted internal systems and its app but not flight operations, with core services restored within about two days.
- The airline completed a key forensic review around September 15, has begun notifying affected individuals, and is offering two years of identity and fraud protection.
- WestJet is cooperating with the FBI and Canadian cyber authorities and has alerted regulators, while media have linked the incident to Scattered Spider without any official attribution.