Canadian carrier WestJet said on Monday the personal infor
mation of some passengers was exposed in a cybersecurity breach earlier this year, though no payment data was compromised.
The airline said it detected suspicious activity on June 13 and later
determined that a “sophisticated, criminal third party” had gained unauthorized access to its systems.
The aviation industry’s growing dependence on complex digital systems and vast stores of passenger data ha
s made it an increasingly attractive target for cybercriminals.
Earlier this month, a ransomware attack on Collins Aerospace, a unit of RTX, disrupted operations acro
ss major European airports, crippling check-in and baggage systems at popular hubs such as London’s Heathrow and Berlin.
WestJet said the type of data exposed in the breach varied but c
ould include names, contact details, travel information and documents tied to reservations.
However, no credit card and debit card numbers, expiration dates and CVV numbers were obtained during the breach.
In a notice to U.S. residents on Monday, the carrier said it had worked closely with law enforcement ag
See more beautiful photo albums Here >>>
encies, including the Federal Bureau of Investigation and the Canadian Centre for Cyber Security.
It also notified relevant authorities, including the attorneys general of U.S. states where residents were affected.
(Reporting by Shivansh Tiwary in Bengaluru; editing by Krishna Chandra Eluri)
CoWorx, which operates in all 50 states, hired Massachusetts cloud sourcing firm Congruity to provide virtual machines running Microsoft Windows to run
CoWorx’s web-applications. Under the contract, Congruity was responsible for providing CoWorx with new virtual machines as needed, as well as for securing the hos
t virtualization servers and network. Congruity was responsible for providing “safeguards to secure the operat
ion of the IT systems” that contain CoWorx data including remote access controls such as multi-factor authentication (
MFA). However, according to ACE’s complaint, Congruity never established nor enforced MFA to log into the network.
CoWorx was itself responsible for security of the network at the guest virtual machine level. To accomplish this,
CoWorx contracted with an Illinois cybersecurity firm, Trustwave, to moni
guest level machines hosted at Congruity’s co-location facility. Tru
stwave installed detection and response software on th
e CoWorx server and fed logs and other information to Trustwave’s security center which constantly monitored the network.