WestJet Under Siege: When Cybercriminals Target Canada's Critical Aviation Infrastructure


Breaking: June 14 cyberattack on Canada's second-largest airline exposes vulnerabilities in critical transportation infrastructure

In the early hours of June 13, 2025, WestJet's cybersecurity team detected what would become one of the most significant cyberattacks on Canadian aviation infrastructure in recent years. The incident, which disrupted the airline's mobile application and internal systems, serves as a stark reminder of how cybercriminals are increasingly targeting critical transportation networks that millions of Canadians depend on daily.


The Attack Unfolds

WestJet first acknowledged the cybersecurity incident through a carefully worded statement on June 13, revealing that "unusual activity" had been detected in their information systems. The Calgary-based airline, which serves over 100 destinations across North America, quickly activated specialized internal teams in cooperation with law enforcement and Transport Canada.

Timeline of the Attack:

  • June 13, 2025: Initial detection and public disclosure
  • June 14, 9 a.m. MT: WestJet confirms operations remain safe but systems affected
  • June 14, 9 p.m. MT: Company reports no new developments, commits to 12-hour updates
  • Ongoing: Investigation continues with external cybersecurity experts

The attack specifically targeted WestJet's customer-facing mobile application and several internal operational systems, creating what the airline described as "restricted access for several users." While flight operations remained unaffected, the incident highlighted critical vulnerabilities in the digital infrastructure that modern airlines depend on.

Critical Infrastructure in the Crosshairs

WestJet's incident represents a troubling escalation in cyberattacks targeting Canada's critical infrastructure. The airline industry has become an increasingly attractive target for cybercriminals due to several factors:

High-Value Data Assets

Airlines maintain vast databases containing:

  • Personal Identification Information: Names, addresses, phone numbers, email addresses
  • Financial Data: Credit card information, banking details, loyalty program accounts
  • Travel Patterns: Detailed movement data that could be valuable for espionage or criminal activities
  • Corporate Intelligence: Route planning, capacity management, and competitive intelligence

Operational Dependencies

Modern airlines rely on interconnected systems that create multiple attack vectors:

  • Reservation Systems: Customer booking and payment processing
  • Flight Operations: Crew scheduling, aircraft maintenance, route optimization
  • Ground Operations: Baggage handling, gate management, security coordination
  • Supply Chain: Vendor management, fuel procurement, catering services

The Broader Canadian Context

The WestJet attack occurs against a backdrop of escalating cyber threats against Canadian critical infrastructure. In April 2025, energy provider Emera and its subsidiary Nova Scotia Power disclosed a significant cyber intrusion that compromised parts of their network and business servers.

This pattern reflects a coordinated effort by cybercriminals to probe Canadian infrastructure vulnerabilities:

Recent High-Profile Incidents:

  • April 2025: Emera/Nova Scotia Power breach affecting energy infrastructure
  • March 2025: Multiple Canadian healthcare providers targeted in ransomware campaigns
  • February 2025: Financial institutions reporting increased phishing and social engineering attacks
  • January 2025: Municipal governments across Canada experiencing ransomware attempts

Geopolitical Implications

Canada's position as a NATO ally and its role in global supply chains make its critical infrastructure attractive targets for both financially motivated cybercriminals and state-sponsored actors. The aviation sector, in particular, represents a high-value target due to its role in:

  • Economic Activity: Supporting trade, tourism, and business travel
  • National Security: Potential disruption of government and military travel
  • International Relations: Impact on diplomatic and commercial relationships

Technical Analysis: How Aviation Cyberattacks Unfold

While WestJet has not disclosed specific technical details about the attack, industry patterns suggest several possible attack vectors:

Common Aviation Sector Attack Methods:

1. Supply Chain Compromise

  • Third-party vendor infiltration
  • Software update manipulation
  • Hardware implant insertion

2. Social Engineering

  • Phishing campaigns targeting employees
  • Business email compromise schemes
  • Credential harvesting operations

3. Network Infiltration

  • VPN exploitation
  • Unpatched system vulnerabilities
  • Misconfigured cloud services

4. Insider Threats

  • Malicious employee actions
  • Compromised contractor access
  • Inadequate access controls

The Mobile App Vector

The fact that WestJet's mobile application was specifically affected suggests attackers may have targeted customer-facing digital services. Modern airline apps typically integrate with numerous backend systems:

Potential Attack Surfaces:

  • Authentication Systems: Single sign-on vulnerabilities
  • Payment Processing: Credit card and loyalty program integration
  • Real-time Data: Flight status, gate changes, baggage tracking
  • Location Services: Airport navigation, proximity-based offers
  • Push Notifications: Potential for malicious message delivery

Compromising these systems could provide attackers with:

  • Access to customer credentials and personal information
  • Ability to manipulate flight information and cause confusion
  • Platform for distributing malware to customer devices
  • Entry point into more sensitive operational systems

Operational Impact and Response Strategy

Despite the cybersecurity incident, WestJet maintained that its flight operations remained "safe and unaffected." This suggests the airline had implemented proper network segmentation, separating customer-facing systems from critical flight safety infrastructure.

Industry Best Practices Demonstrated:

1. Rapid Detection and Response

  • Quick identification of unusual activity
  • Immediate activation of incident response teams
  • Transparent communication with stakeholders

2. Stakeholder Coordination

  • Cooperation with law enforcement agencies
  • Engagement with Transport Canada regulatory authorities
  • Communication with customers and employees

3. Operational Continuity

  • Maintenance of flight safety systems
  • Implementation of manual backup procedures
  • Protection of critical operational data

Historical Context: Aviation Cybersecurity Challenges

The WestJet incident is part of a growing trend of cyberattacks targeting the global aviation industry:

Notable Recent Cases:

  • 2023: Southwest Airlines faced system outages affecting thousands of flights
  • 2022: Several European airports experienced cyberattacks disrupting operations
  • 2021: Multiple airline loyalty programs compromised, affecting millions of customers
  • 2020: SITA (airline IT provider) breach exposed passenger data from multiple airlines

Unique Vulnerabilities in Aviation

The airline industry faces distinct cybersecurity challenges:

Legacy System Integration

  • Outdated mainframe systems difficult to secure
  • Complex integration between old and new technologies
  • Limited ability to implement modern security controls

Regulatory Complexity

  • Multiple jurisdiction requirements (domestic, international, aviation-specific)
  • Safety-critical systems requiring specialized security approaches
  • Complex certification requirements for system changes

Global Interconnectedness

  • Shared industry systems (reservations, baggage handling, air traffic control)
  • International data sharing requirements
  • Multiple third-party dependencies

The Economic Impact

Cyberattacks on airlines can have far-reaching economic consequences:

Direct Costs:

  • System Recovery: Technical remediation and data restoration
  • Legal Compliance: Regulatory fines and legal fees
  • Customer Compensation: Refunds, vouchers, and goodwill gestures
  • Security Enhancement: Upgraded infrastructure and monitoring tools

Indirect Costs:

  • Brand Reputation: Long-term customer confidence impacts
  • Operational Disruption: Lost productivity during recovery
  • Competitive Disadvantage: Market share loss to competitors
  • Insurance Premiums: Increased cybersecurity insurance costs

For WestJet, the full economic impact will depend on the scope of the breach and the effectiveness of its response. However, industry analysts estimate that major airline cybersecurity incidents typically cost between $10 million and $50 million when both direct and indirect impacts are included.

Regulatory Response and Future Implications

Transport Canada's involvement in the WestJet investigation signals the government's recognition of cybersecurity as a critical aviation safety issue. This incident may accelerate regulatory changes in several areas:

Potential Regulatory Developments:

  • Mandatory Cybersecurity Standards: Specific requirements for airline cybersecurity programs
  • Incident Reporting Requirements: Faster notification timelines for cyber incidents
  • Third-Party Risk Management: Enhanced oversight of airline vendor relationships
  • International Cooperation: Improved information sharing between aviation authorities

Strategic Recommendations for Aviation Cybersecurity

The WestJet incident offers several lessons for aviation industry cybersecurity:

For Airlines:

  1. Network Segmentation: Strict separation between safety-critical and business systems
  2. Zero Trust Architecture: Assume breach and verify all access requests
  3. Supply Chain Security: Enhanced vetting and monitoring of third-party providers
  4. Employee Training: Regular cybersecurity awareness and phishing simulation programs
  5. Incident Response: Well-tested procedures for cyber incident management

For Regulators:

  1. Cybersecurity Standards: Development of aviation-specific cybersecurity requirements
  2. Information Sharing: Improved threat intelligence sharing between industry and government
  3. International Coordination: Harmonized cybersecurity standards across jurisdictions
  4. Regular Assessments: Mandatory cybersecurity audits for critical aviation systems

For Customers:

  1. Account Monitoring: Regular review of airline loyalty and credit card accounts
  2. App Security: Use of updated mobile applications and strong authentication
  3. Data Awareness: Understanding of what information airlines collect and store
  4. Travel Alternatives: Backup plans for potential service disruptions

Looking Forward: The Future of Aviation Cybersecurity

The WestJet incident underscores that cybersecurity is no longer just an IT concern—it's a fundamental safety and operational issue for the aviation industry. As airlines become increasingly digitized and interconnected, the potential impact of cyberattacks will only grow.

  • AI-Powered Attacks: More sophisticated automated attack methods
  • Cloud Security: Growing reliance on cloud services creating new vulnerabilities
  • IoT Expansion: Connected aircraft systems expanding attack surfaces
  • Biometric Data: New privacy and security challenges from biometric systems

Conclusion: A Wake-Up Call for Canadian Infrastructure

The WestJet cybersecurity incident serves as a critical wake-up call for Canada's approach to critical infrastructure protection. While the immediate impact appears limited, the attack demonstrates that cybercriminals view Canadian aviation systems as viable targets.

As the investigation continues, the aviation industry must recognize that cybersecurity is not just about protecting data—it's about maintaining the trust and confidence that millions of passengers place in airline systems every day. The cost of cyber incidents extends far beyond immediate technical impacts to encompass brand reputation, customer loyalty, and ultimately, the economic viability of airline operations.

For WestJet, the true test will be how effectively they recover from this incident and what measures they implement to prevent future attacks. For the broader Canadian aviation industry, this incident should serve as a catalyst for enhanced cybersecurity collaboration between airlines, regulators, and security professionals.

In an era where cyber threats are evolving rapidly and targeting critical infrastructure with increasing sophistication, the aviation industry cannot afford to treat cybersecurity as an afterthought. The WestJet incident demonstrates that in the modern threat landscape, cybersecurity resilience is as critical to airline operations as aircraft maintenance and flight safety protocols.


By Breached Company