Overview

• A filing with the Maine Attorney General confirms roughly 1.2 million people were affected, including 240 residents of the state.
• Exposed data may include names, addresses, dates of birth, government ID details, and travel-related information, while payment card numbers and guest passwords were not taken, according to the airline.
• WestJet Rewards details such as membership IDs and points balances may have been accessed, with RBC cardholders’ card type identifiers and points changes potentially included.
• The June 13 incident disrupted the airline’s app and website availability, but WestJet says flight operations and customer safety were not impacted.
• Law enforcement and privacy regulators are investigating, and attribution remains unconfirmed despite reports citing a claim by the Scattered Spider group.