The Office of the Privacy Commissioner of Canada has initiated an investigation into a cybersecurity incident involving WestJet, a Calgary-based airline. This incident came to light in June 2023, when the airline publicly announced on June 13 that a "sophisticated, criminal third party" had gained unauthorized access to some of its servers and software systems.

According to WestJet's statement at the time, there was no compromise of sensitive financial information, as the attackers did not obtain any credit or debit card data or customer passwords. However, the airline confirmed that certain personal and travel-related data, which varied among customers, was indeed stolen during the breach.

WestJet took steps to identify the affected individuals and communicated that they would reach out to these customers within the following days to offer additional information and support regarding the incident.

On a broader scale, the Privacy Commissioner of Canada, Philippe Dufresne, announced the opening of an investigation on Tuesday. The objective of this inquiry is to assess the security measures that were in place at WestJet prior to the breach and to evaluate how effectively the airline notified the individuals who were affected by this cybersecurity incident.

The statement from the Privacy Commissioner's office highlighted the urgency of the situation, stating, "The immediate focus is on ensuring that the company is effectively addressing the breach and protecting the personal information of its customers." The emphasis was placed on breach containment, timely notification of those impacted, and the implementation of measures to mitigate future risks.

As the investigation unfolds, additional details remain withheld from public disclosure. The focus now shifts to ensuring that WestJet fulfills its responsibilities in protecting its customers' personal information in the aftermath of this incident.