Canada’s second largest airline says it has been responding to a cyber-attack impacting some online services since Friday.
Calgary-headquartered WestJet Airlines said in a series of updates over the weekend that although its flight operations are unaffected, some customers may have trouble accessing its website and app.
“WestJet is aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users. We have activated specialized internal teams in cooperation with law enforcement and Transport Canada to investigate the matter and limit impacts,” the firm said in a statement on Friday.
“It is too early to speculate on details, though we are committed to sharing what we know as information becomes available. WestJet advises that guests and employees exercise additional caution at this time, especially when sharing personal information.”
The firm has been issuing updates on its website around every 12 hours over the weekend, although no new information has so far come to light as incident responders work through their protocols.
“As we continue work to determine the extent and overall impact of the cybersecurity incident, some guests may temporarily encounter intermittent interruptions or errors while using the WestJet app and/or WestJet.com and we are working to resolve these issues,” noted the most recent update on Sunday afternoon, local time.
“Our operations remain safe and stable and are not impacted by the situation.”
Airlines are popular targets for digital extortionists and data thieves, given the large volume of customer information they process and low tolerance for operational outages.
In May 2022, India’s SpiceJet was forced to delay a number of flights after being struck by ransomware. In April of the same year, customers of Canadian low-cost carrier Sunwing Airlines faced days of delays after a third-party system used for managing check-ins and boarding was hacked.
Even more serious are hacker attempts to use cyber-attacks to physically interfere with aircraft. Last year, two El Al flights bound for Israel reportedly encountered “hostile elements,” which tried to hack the planes’ communications networks in order to divert them from their pre-programmed route.
Also in 2024, the EU’s aviation safety agency, EASA, revamped its cybersecurity regulations for the sector with the release of the first Easy Access Rules (EAR) for Information Security (Part IS).
Image credit: Robin Guess / Shutterstock.com
