#westjetcyberattack
WestJet Confirms Cyberattack Exposed Passenger Data but Says Financial Details Remain Safe

WestJet has revealed that some customer information was accessed during a cyberattack in June, though the airline maintains that the majority of cases did not involve “sensitive” data. On Monday, the carrier issued a notice to U.S. residents as part of its investigation into the June 13 breach, describing the attack as the work of a “sophisticated, criminal third party.”

The company emphasized that its internal safeguards prevented hackers from obtaining payment details such as credit and debit card numbers, expiration dates, CVV codes, and user passwords. However, certain personal information was exposed. This included passengers’ names, contact information, travel-related documents, reservation details, and data reflecting their relationship with WestJet.

“Containment is complete, and some additional system and data security measures have been implemented,” WestJet stated in its release. “However, analysis is ongoing, and WestJet will continue to take measures to further enhance its cybersecurity protocols.”

The airline confirmed that it is directly notifying affected customers, offering guidance through its website, and has engaged Cyberscout to provide fraud prevention and remediation services. Authorities, including the U.S. Federal Bureau of Investigation (FBI) and the Canadian Centre for Cyber Security, are working with WestJet on the probe. Notifications have also been sent to U.S. credit reporting agencies — TransUnion, Experian, and Equifax — as well as several state attorneys general, Transport Canada, the Office of the Privacy Commissioner of Canada, and other relevant regulators worldwide.

WestJet Confirms Cyberattack Exposed Passenger Data but Says Financial Details Remain Safe #airlinecybersecurity #DataBreach #WestJetcyberattack

Unpacking the WestJet Cyberattack | Mobile API Security & Threats to Airlines

Unpacking the WestJet Cyberattack | Mobile App Security and Aviation Threats

Join us on "Upwardly Mobile" as we dissect the significant WestJet cyberattack, an incident that brought to light critical vulnerabilities in mobile application security and backend systems within the aviation sector.

Episode Overview: The WestJet cyberattack, reported on June 14, 2025, caused disruptions to the airline's mobile application and select internal systems, though flight operations remained unaffected. This incident underscores an often-overlooked area of vulnerability where protections for user devices by companies like Apple and Google don't fully extend to how apps communicate with their servers.

Key Discussion Points:
- The Attack Vector: The incident likely exploited weaknesses in backend APIs, a common tactic among experienced cybercriminals, similar to the Hawaiian Airlines attack. Preliminary evidence suggests the use of the known vulnerability CVE-2023-12345, which affects parameter handling in mobile application backends. Threat actors also potentially used targeted spear-phishing campaigns to compromise employee credentials, aligning with the MITRE ATT&CK technique T1566 – Phishing.
- Affected Systems: The attack directly impacted the WestJet Mobile App version 4.5.2 (the frontline consumer interface) and its accompanying API Backend version 1.8.9. Internal systems, including Oracle Database 19c (storing customer profiles and booking details) and Windows Server 2019 infrastructures, were also compromised.
- Adversary Tactics: Forensic analysis indicates advanced exploitation methods, potentially involving custom scripts for lateral movement (T1059 – Command and Scripting Interpreter) and remote access tools. The sophistication of techniques and the dual targeting of customer-facing and internal infrastructures suggest a well-planned campaign by an organized group with expertise in the aviation sector, possibly using advanced exploit frameworks like Cobalt Strike.
- Impact and Consequences: Beyond immediate service disruptions, the attack poses significant risks to customer confidence and operational continuity. There's a consequential risk of data exfiltration, intellectual property compromise, and potential fraudulent activities due to unauthorized access to sensitive internal information and customer profiles. The incident also elevates the risk profile for supply chain partners and third-party vendors.
- Recommendations for Enhanced Security: Immediate actions include urgent patch management for vulnerabilities like CVE-2023-12345, extending multi-factor authentication (MFA) across all sensitive internal systems, and revising incident response protocols. Organizations should also enhance email filtering, deploy advanced threat detection systems like CrowdStrike Falcon and Cisco Secure Endpoint, and implement network segmentation to contain lateral movements.

Theodore Miracco, CEO of Approov Mobile Security, emphasizes the critical need to address these overlooked vulnerabilities.

Relevant Links to Source Materials:
- WestJet Cyberattack Report: In-Depth Analysis of the WestJet Mobile App Breach and Internal System Vulnerabilities by Rescana: https://www.rescana.com/post/westjet-cyberattack-report-in-depth-analysis-of-the-westjet-mobile-app-breach-and-internal-system-v
- Reuters Report on WestJet Incident: https://www.reuters.com/sustainability/boards-policy-regulation/westjet-probes-cybersecurity-incident-affecting-app-internal-systems-2025-06-14/
- WestJet's Official Advisory: https://www.westjet.com/en-ca/news/2025/advisory--cybersecurity-incident-
- MITRE ATT&CK Framework: https://attack.mitre.org/
- CrowdStrike: https://www.crowdstrike.com/
- Mandiant: https://www.mandiant.com/
- Approov Mobile Security: https://approov.io/

Sponsor: This episode is brought to you by Approov Mobile Security. Learn how they protect mobile apps and their APIs at: approov.io

Keywords: WestJet, cyberattack, mobile app security, aviation security, API vulnerabilities, spear-phishing, data breach, cybersecurity, incident response, digital threat, airline security, MITRE ATT&CK, CVE-2023-12345, Oracle Database, Windows Server, network security, supply chain risk, critical infrastructure.

📣 New Podcast! "Unpacking the WestJet Cyberattack | Mobile API Security & Threats to Airlines" on @Spreaker #apisecurity #aviationsecurity #cybersecurity #mitreattack #mobileappsecurity #westjetcyberattack
