One week after a major cybersecurity incident disrupted its systems, WestJet says it has made “significant progress”, yet continues to offer no clear timeline for resolution or details about potential data exposure.
>>>Click here to read more about WestJet
In a statement released Wednesday 18, the airline said it took “immediate action” upon identifying the breach, including launching an internal investigation, hiring forensic specialists and third-party cybersecurity experts, and notifying staff and guests. However, key information remains undisclosed, such as the nature of the attack or whether sensitive customer data was compromised.
“We are working as quickly as possible,” the company stated, noting that investigations are ongoing. WestJet added that it cooperates with law enforcement and complies with all regulatory obligations.
While the airline has stressed that protecting its data is a top priority, the lack of further details about how the attack occurred, for example, is raising concerns among customers and industry observers. The statement concludes with: “We appreciate the continued patience of all of our guests during this time.”
So far, the cyber attack has not affected operations and flights.
WestJet’s most recent statement:
UPDATE: June 18, 3 p.m. MT
WestJet has made significant progress on safeguarding our digital environment and supporting the specialized teams working to resolve the cyber incident that began on June 13, 2025.
As soon as a cybersecurity incident was identified, we took immediate action, including but not limited to, launching an investigation, engaging world class third-party cyber security experts and forensic specialists, and notifying our people and guests of our ongoing efforts.
We are working as quickly as possible to assess any potential data in scope. Our investigations are ongoing, and we will provide updates as appropriate in the future. We have engaged with law enforcement and are complying with our regulatory obligations in the meantime. The protection of our data is of utmost importance to us and we thank all of our guests for their continued patience at this time.
Expert Warns: It’s Not Just Canada’s Aviation Sector at Cyber Risk
According to Alexis Aguirre, director of CyberGate in Brazil, Canada’s aviation sector isn’t the only one facing cyber threats: other transportation and infrastructure systems have also been targeted by digital attacks.
“In fact, attacks on what’s known as OT (Operational Technology) have been rising exponentially over the past 18 months on a global scale. A best practice, which is also CyberGate’s recommendation for any company concerned about its cyber resilience, is to adopt EASM (External Attack Surface Management) technologies. That means seeing things from a hacker’s perspective: identifying what vulnerabilities are exposed, what needs to be hardened, and which gaps must be closed. Just like we take precautions in the physical world to reduce our risk of being targeted by crime, the same level of concern and action should apply in the digital world,” said Aguirre.
Aviation Sector Must Remain Vigilant
Referring back to the WestJet incident, the expert points out that the threat extends beyond just one Canadian airline: the entire aviation sector is at risk. “Recently, the aviation industry has been hit by a series of cyberattacks, including incidents involving Japan Airlines and Delta. What we’re seeing is that airlines, which have historically relied on robust and redundant operational systems, now need to bolster their cyber architecture and ensure resilience in their digital systems as well,” Aguirre concluded.
