Cyberattack Hits WestJet, Impacting Internal Systems and Mobile App Access
Canadian airline WestJet is responding to a cybersecurity incident that disrupted access to internal systems and affected mobile app functionality for users across the country. The breach was first disclosed in a security notice published on the company’s website, confirming restricted access to systems used by both staff and passengers.
“WestJet is aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users,” the company said in a public statement.
The airline has activated specialized internal response teams and is working closely with law enforcement and Transport Canada to investigate the incident and contain its impact. Though the company has restored access to the app and website, certain software and backend services remain affected.
Limited Operational Disruption Reported
In an update issued Saturday morning, WestJet confirmed that core flight operations remain safe and active, despite the disruption to internal digital tools.
It remains unclear whether the attack involved ransomware encryption or if WestJet voluntarily shut down systems to prevent further compromise. No specific threat actor has claimed responsibility, and the company has not disclosed whether any sensitive data was accessed or stolen.
“We are expediting efforts to maintain the safety of our operation and safeguard sensitive data and personal information for both our guests and employees,” WestJet stated, apologizing to customers for the inconvenience caused.
Aviation Systems Under Threat
This incident adds to the growing list of cyberattacks targeting the aviation sector, where system uptime, employee access, and customer trust are all critical to ongoing operations. Airlines, with their broad digital footprints and high-value data, remain prime targets for disruptive attacks.
As of now, the breach has not been publicly confirmed as ransomware, but the disruption to internal systems and service availability fits a broader pattern observed in recent targeted intrusions against transport infrastructure.
The Solution: Immutable and Air-Gapped Backup Infrastructure
For aviation and transport companies, system resilience is not optional—it’s essential. The WestJet incident reinforces the need for robust backup strategies that can withstand malicious attacks on both live and backup infrastructure.
If you’re looking to strengthen your defenses, check out this enterprise-grade option built specifically for ransomware resilience:
StoneFly DR365 for Veeam—a fully air-gapped, immutable backup and recovery appliance trusted by large organizations to ensure operational continuity even during sophisticated cyberattacks.
