Further to previous updates in June and July 2025, and following a thorough investigation, WestJet is sharing more information related to the June IT cybersecurity incident. What happened? On June 13, 2025, we identified suspicious activity on our systems. We immediately investigated and determined that these were the actions of a sophisticated, criminal third party, who gained unauthorized access to our systems. Given the significant importance of data security to the integrity of our business, we are prepared for incidents of this nature and followed our response planning by taking immediate action to contain the incident and secure our systems. As a result, at no point was the safety and integrity of our airline operations in question. What information about guests was impacted? Unfortunately, certain data was illegally obtained from WestJet’s systems. Thanks to our internal precautionary measures, no credit card or debit card numbers, expiry dates or CVV numbers, and no guest user passwords were obtained. The data involved in this incident varies from person to person. However, for certain individuals the data may include information such as name, contact details, information and documents provided in connection with their reservation and travel, and data regarding their relationship with WestJet. While it is possible that some of this information could be used for identity theft or fraud (including in the context of any booked travel), WestJet is not aware of any misuse of the relevant data for such purposes. What is Westjet doing? We engaged internal and external experts to perform a technical and forensic investigation to identify the nature and scope of the event. As previously shared, the incident has been successfully contained, and additional system and data security measures have been implemented to enhance our existing security program. Analysis remains ongoing, and measures to further enhance our cyber-security protocols are also ongoing. Given the criminal nature of this incident, we continue to closely cooperate with law enforcement, the Canadian Centre for Cyber Security, and relevant authorities, including Transport Canada, the Office of the Privacy Commissioner of Canada and its provincial and international counterparts as appropriate. What can you do? In line with regulatory requirements, WestJet has identified individuals to contact about this incident where appropriate and where we are able to do so. WestJet is also offering identity theft protection services to relevant individuals where appropriate and where these services are available. If you received an email or letter notice about this incident directly from WestJet, that notice sets out the types of personal information about you that may have been involved in this incident and provides information on how to access identity theft protection services. If you were not contacted by WestJet directly and would like to know whether your data was involved, please contact us using the information below. If you do receive any suspicious emails, text messages or calls from someone purporting to be from WestJet please visit our Scams and fraudulent schemes page or contact local authorities. As a general recommendation, and not in connection with this incident, we would encourage you to follow best practice from a security perspective, including the below steps: Check your flight information ahead of any upcoming trips Continue to be alert to the risk of phishing and fraudulent emails asking you to enter login credentials, provide financial information or give up any other personal data. Check your bank statement regularly for any unusual activity that you do not recognize. Check your credit file regularly for newly opened accounts or credit searches that you do not recognize. Use strong passwords and change them regularly. Use passwords that are at least eight characters long and use numbers, upper case, lower case and symbols. Never give out personal details over the phone unless you are sure who you are speaking to. Please note we would never contact you by email to ask you to provide us with any payment card information. Additional resources about protecting yourself from scams and fraud are available from the Canadian Anti-Fraud Centre . For more information For Canadian residents, if you have questions about this incident, please contact WestJet at 1-888-937-8538 or wjresponseteam@westjet.com . If you reside outside Canada, please find our list of international phone numbers here or email wjresponseteam@westjet.com stating your country of residence in the subject line so that we may properly allocate your query.