WestJet Customer Profile Information Exposed in Data Breach of Rewards Program

Media Division | August 3, 2017

Data breaches continue to result in massive disasters for many types of organizations. When data or digital assets are left unprotected in even the most minor way, it can result in large thefts and compromises. And the types of data that attackers will target are virtually innumerable, as they can typically use it for some malicious purpose or sell it. There can be varying levels of severity when it comes to data breaches, depending on what was affected and how much. In yet another breach, WestJet airlines have said that profile data from their rewards program was revealed online by an unauthorized third party.

How the Breach Came About

Reports seem to be quite lacking as far as the exact details stolen in the attack. Though, it did not include banking or financial information. It appears to have stemmed from a phishing attack, as they had received an email that seemed to be spam and had then become aware of the data breach on July 28th. At which point, they had then worked to rapidly address the incident. WestJet has said that they are working with RCMP and Calgary Police Service in an investigation of the incident. According to reports, it is uncertain as to whether it was a targeted attack, as they say the hackers may have been feeling out the security for a further breach or were simply trying to obtain the data. They are currently in the process of contacting those guests that were affected in the attack. In addition, the airline said they had notified the federal privacy commissioner and the Information and Privacy Commissioner of Alberta about the compromised personal data.

The Handling of the Breach

WestJet seems to be remaining somewhat tight lipped about the incident, as there does not appear to be any information as to how they are handling the breach with their customers, or how they are bolstering their security. These are somewhat important points to relay to the public, as it should be made known how they will be protecting their customers and preventing attacks in the future. When these types of factors are neglected, it can result in much further consequences to the organization. Not only will they have the immediate loss of data and funds from the incident, but they can also have huge declines in customer base and resulting revenue. As we have mentioned in a few other blog posts, a single data breach of magnitude can factually cause an organization to fail if severe enough, or if it is handled incorrectly.

The Importance of Cyber Security Monitoring

In a large amount of breaches, there is one factor that often results in them being much worse, which would be the time to discovery. Unfortunately, many breaches tend to go undetected for months or even over a year sometimes, which allows the infiltrating threat to continue to steal data or cause damage. This is why cyber security monitoring is such a vital implement for organizations in the modern world. It provides a much higher awareness of networks and systems by monitoring the constant status of them. This way, any anomalies or indicators can be alerted to IT staff or a dedicated analyst, and these can then be rapidly addressed if turning out to be malicious. This helps to eliminate the chance of threats going unnoticed for extended periods of time like has happened so frequently before. Modern threats can be quite insidious and skilled at flying under the radar, which is why they need to be detected upon entry. Cyber security monitoring from Massive Alliance can help organizations of all types and sizes to better defend themselves.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.