Canada’s second largest airline, WestJet, has confirmed that a cyberattack and data breach earlier this year resulted in the theft of personal information from 1.2 million passengers. The airline disclosed the number of affected individuals in a filing with Maine’s attorney general, which also confirmed that 240 residents of that state were impacted.
According to the notice, the stolen data may include passenger names, dates of birth, postal addresses, and travel documents such as passports and other government-issued identity documents. Information related to passenger accommodations, including requests and complaints, was also potentially taken.
WestJet stated that information connected to customer rewards programs may have been stolen as well. This includes points balances and other details associated with reward accounts. The Canadian airline first disclosed a security incident in June after discovering its systems had been breached and that hackers had successfully stolen data from its network.
Media reports have linked the WestJet breach to a hacking group known as Scattered Spider. This is a financially motivated group composed mostly of English-speaking teenagers and young adults. The group is known for its methods of calling IT help desks and tricking employees into granting them access to corporate networks.
Earlier this year, the FBI and cybersecurity firms warned that these hackers were actively targeting the transportation and aviation industry. Australian airline Qantas was also allegedly hacked by the same group, resulting in the theft of personal information belonging to more than 6 million customers.