In a cybersecurity breach raising concerns in the aviation sector, Canadian airline WestJet announced on Monday that personal data of some passengers was exposed during a hack earlier this year, although payment data remained secure, highlighting growing challenges in protecting travelers’ digital information.

The announcement followed months of internal investigations after suspicious activity was detected on June 13. It was later revealed that a “sophisticated criminal external party” gained unauthorized access to their systems, according to an official company statement.

The exposed data included passenger names, contact details, travel information, and booking-related documents such as passports. However, the company confirmed that credit or debit card numbers, expiration dates, or CVV codes were not stolen.

WestJet is Canada’s second-largest airline after Air Canada, founded in 1996 and operating as a low-cost carrier since 2001, serving over 100 domestic and international destinations with a fleet of about 230 Boeing aircraft.

A company spokesperson said in a statement: “We take this matter seriously and are working closely with authorities to enhance our security,” adding that analysis is ongoing and that the company will contact affected individuals to provide support, including fraud monitoring services through Cyberscout.

The company also notified affected U.S. residents and cooperated with the FBI, the Canadian Centre for Cyber Security, and informed general counsels in affected states.

This announcement comes amid rising cyberattacks on the aviation industry, with a September attack on Collins Aerospace disrupting operations at major European airports such as Heathrow, London, and Berlin.

This is WestJet’s second breach this year following a previous announcement in August about stolen passport data, raising questions about the effectiveness of security measures.

The company indicated it will strengthen its cybersecurity protocols amid concerns over identity theft or fraud risks, especially as passengers increasingly rely on digital booking apps. It urged passengers to verify messages through official channels and confirmed that operations were not affected during the breach.

The incident highlights the vulnerability of digital systems in aviation. IBM, one of the world’s largest and oldest technology companies, reported that the average cost of a breach in the sector reaches $4.18 million, with attacks increasing by 20% compared to the previous year.