Data Breach Summary
In June 2025, WestJet experienced a cybersecurity breach that affected approximately 1.2 million individuals, including 240 residents of Maine. The breach involved unauthorized access by a sophisticated third-party hacker. While no sensitive payment information or account passwords were compromised, personal travel data was accessed. WestJet has since resolved the incident and is offering identity protection services to affected individuals. If you were impacted, you may be eligible for compensation through a class action lawsuit.
On June 13, 2025, WestJet identified suspicious activity on their systems, leading to the discovery of unauthorized access by a third-party hacker. This breach affected a total of 1.2 million individuals, including 240 residents in Maine. Upon identifying the breach, WestJet swiftly engaged internal and external cybersecurity experts to secure their systems and conduct a thorough investigation.
The investigation revealed that the hacker accessed various personal data, including travel documents, accommodations, and other travel-related information. WestJet confirmed that no financial information, such as credit or debit card numbers, expiry dates, CVV codes, or passwords, were compromised.
By September 15, 2025, the investigation had been concluded, and WestJet had analyzed the data affected by the breach. The company identified the specific information impacted and contacted those affected. WestJet has emphasized that the integrity of their operations remained secure throughout the event and assured the public that no financial accounts were compromised. To prevent future breaches, the company has implemented additional security measures to safeguard personal data.
WestJet has offered affected individuals free identity theft protection services, including monitoring services, to help them recover from the incident. Despite the breach, the company has maintained that their systems are now fully secure.
The breach occurred on June 13, 2025, and was discovered by WestJet on September 15, 2025. The company took immediate action to address the breach once discovered, and by that time, the scope of the incident had been thoroughly investigated.
The breach involved several types of personal information, including but not limited to:
It’s important to note that no credit card numbers, expiry dates, CVV numbers, or passwords were involved in the breach.
If you were affected by the WestJet data breach, there are a few steps you can take to protect yourself and ensure your personal information is secure:
If you received a data breach notification from WestJet, you may be entitled to compensation for the harm caused by this incident. Data breaches often lead to identity theft, fraud, and significant emotional distress, and you have the right to seek legal recourse.
If you were affected by this breach, consider contacting Class Action U for a free consultation. We can help you determine whether you have a valid case to join a class action lawsuit and potentially receive compensation for your losses.
Don’t stand alone—join the class and make your voice heard. Together, we can hold WestJet accountable for their failure to protect your personal information. Reach out to us today for guidance on how to take action.