Notice of Cybersecurity Incident for US Residents

WestJet, an Alberta Partnership (“WestJet”), is providing notice to United States residents of a recent cybersecurity incident that may affect certain individuals’ personal information. 

What Happened? On June 13, 2025, we identified suspicious activity on our WestJet systems. We immediately investigated and determined that these were the actions of a sophisticated, criminal third party, who gained unauthorized access to our systems. 

Given the significant importance of data security to the integrity of our business, we are prepared for incidents of this nature and followed our response planning by taking immediate action to contain the incident and secure our systems. As a result, at no point was the safety and integrity of our airline operations in question. 

We engaged internal and external experts to perform a technical and forensic investigation to identify the nature and scope of the event. Unfortunately, we confirmed that certain data was obtained from WestJet’s systems. Since making that determination, we diligently conducted an extensive analysis of that data to identify specific data elements and locate current contact information for certain United States residents who were impacted. As of September 15, 2025, we completed our analysis and as a result are providing this notice. Thanks to our internal precautionary measures, no credit card or debit card numbers, expiry dates and CVV numbers,  and no guest user passwords were obtained. 

What Information was Involved? The personal information involved in this incident varies from person to person. For most individuals, the type of personal information involved was not sensitive. However, for certain individuals the data may include information such as name, contact details, information and documents provided in connection with their reservation and travel, and data regarding their relationship with WestJet. In line with regulatory requirements, WestJet has identified those individuals who we will contact to provide information and support regarding this incident where we have sufficient contact information. 

What Are We Doing? As soon as we discovered this incident, we took the steps described above and examined our system to ensure that the risk of a similar incident occurring in the future was minimized. Given the criminal nature of this incident, we closely cooperated with law enforcement, including the US Federal Bureau of Investigation and the Canadian Centre for Cyber Security, and have notified the relevant authorities, including the US credit reporting agencies (TransUnion, Experian, and Equifax), the applicable Attorneys General of the US States with impacted residents, Transport Canada, the Office of the Privacy Commissioner of Canada and its provincial and international counterparts as appropriate.

Containment is complete, and some additional system and data security measures have been implemented. However, analysis is ongoing, and we will continue to take measures to further enhance our cybersecurity protocols.

What You Can Do. You can request information as described below.  WestJet encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and monitor free credit reports for suspicious activity. Out of an abundance of caution, if potentially affected individuals would like to take additional measures to protect against identity theft, the Federal Trade Commission provides general advice here: https://consumer.ftc.gov/features/identity-theft.

In addition, WestJet retained the assistance of Cyberscout, a TransUnion company, in providing impacted individuals with fraud assistance and remediation services.  

For More Information. If you received an email or letter notice about this incident directly from WestJet, that notice sets out the types of personal information about you that may have been involved in this incident and provides information on how to access identity theft protection services.

If you were not contacted by WestJet directly and would like to know whether your data was involved, please contact WestJet at 1-888-937-8538 or wjresponseteam@westjet.com.

We sincerely regret this situation, and we remain grateful for the support and patience of the thousands of guests and WestJetters who place their trust in us.

Steps You Can Take to Help Protect Your Personal Information

Review Your Account Statements and Notify Law Enforcement of Suspicious Activity: As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (the “FTC”).

Copy of Credit Report: You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting www.annualcreditreport.com/, calling toll-free 1-877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You also can contact one of the following three national credit reporting agencies: