top of page

WestJet Cyberattack Disrupts Internal Systems and Services

  • Writer: Cytopus
    Cytopus
  • Jun 17
  • 3 min read

Canada’s second-largest airline, WestJet, is responding to a cybersecurity incident that has disrupted access to internal systems, limited availability of its app and website, and raised concerns over potential data exposure. The airline has confirmed ongoing investigations in collaboration with law enforcement and Transport Canada, emphasizing that flight operations remain safe.


Incident Overview

On June 13, 2025, WestJet announced a cyberattack that impacted its internal platforms and temporarily limited user access to its mobile app and website. Although external-facing services were restored by the next morning, the incident continued to affect backend systems that are essential for operations and service delivery.

"We have activated specialized internal teams in cooperation with law enforcement and Transport Canada to investigate the matter and limit impacts," WestJet stated in a public advisory.

The company is currently investigating the root cause of the breach, clarifying its scope, and determining whether any sensitive data has been compromised. As of now, WestJet has not confirmed whether ransomware or another type of malware was involved, and no threat actor has claimed responsibility.


Potential Financial Impact

Although full financial details are not disclosed, disruptions like this can incur significant direct and indirect costs. Based on industry averages:

  • Operational downtime for major airlines can cost $300,000 to $1 million per hour, depending on scale and service disruption.

  • If personal data is involved, class-action lawsuits or regulatory investigations could result in millions in potential liability.

  • Cyber recovery, incident forensics, and system hardening are likely to cost well into seven figures, depending on breach scope.

If the breach results in confirmed data exfiltration or compromise of personal data, WestJet may face significant fines under Canada’s PIPEDA, which permits fines of up to $100,000 for each violation. Additionally, if EU or UK citizens are affected, the company could also be subject to fines under international data regulations.


Airline Industry in the Crosshairs

The WestJet breach highlights a trend of rising cyberattacks on airlines and aviation services. Notable incidents in 2025 include:

  • Delta Air Lines: Impacted by a third-party vendor breach exposing customer loyalty and payment data.

  • LOT Polish Airlines: Grounded flights for hours after a ransomware event hit backend airport systems.

  • AirAsia: Hit by the Daixin Team, who claimed to steal terabytes of personal and operational data.

These attacks reveal serious weaknesses in endpoint protection, vendor oversight, and identity management.


Regulatory and Compliance Implications

The aviation industry is experiencing heightened regulatory scrutiny due to increasing cybersecurity incidents. Airlines like WestJet must comply with strict data protection laws, such as the EU’s GDPR, which can impose fines of up to €20 million or 4% of global turnover for serious violations. Additionally, the EU’s NIS2 Directive requires strong security measures and timely breach notifications, with fines up to €10 million or 2% of global turnover. In Canada, WestJet is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), which mandates prompt breach reporting and could trigger investigations by the Office of the Privacy Commissioner. Non-compliance can result in significant financial penalties, reputational harm, and increased regulatory oversight.


How Cytopus Can Help Your Business

For airlines and transportation providers, resilience is no longer optional. Cytopus delivers specialized cybersecurity solutions to meet the sector’s unique threat landscape:

  • Continuous Vulnerability Management: Our platform performs real-time scans to detect and remediate vulnerabilities across your enterprise environment, before they can be exploited.

  • Security Compliance and Risk Assessment: We help organizations align their security posture with leading frameworks like GDPRCRADORA, and NIS2minimizing regulatory exposure.

  • Threat Intelligence and Threat Detection: Leveraging AI-driven analysis, Cytopus ingests global threat feeds to detect exploitation attempts against zero-days and critical flaws.

  • Continuous Monitoring and Incident Response: Cytopus provides 24/7 security operations, combining automated detection with expert-led incident response to swiftly contain and address breaches.

  • Business Continuity and Disaster Recovery Planning: We help develop and validate disaster recovery and business continuity plans to ensure minimal disruption in the event of security incidents


bottom of page