WestJet says customer data exposure affected less than 0.05% of customers

WestJet saysa technical issue thatexposed the personal dataof some of its online users to other customersaffected only a small number of people, and that staff would be following up with them.

On Wednesday, several people told CBC Newsthey could see profile information of other users which included phone numbers, home addresses, dates of birth, email addresses, WestJet dollar and flight voucher details,and in some cases, the last four digits of a user's credit card number.

WestJet said the issue was identified in the lateafternoon on Wednesdayand was resolved in about a half hour.

This mix-up of customer data was on both the WestJet app and online site.

In an updated statement Thursday, the airline company said less than 0.05 per cent of user profiles were affected.WestJetsaidspecific numbers are not publicly available due to the confidentiality of its rewardsprogram.

The airline said the issue arose due to achange in technology.Italso said that information like passwords, credit card numbers and passport details were not exposed.

"We take the privacy of our guests extremely seriously, and wesincerely apologizeto those impacted," WestJet said in a statement.

But one WestJet customer who spotted the glitch Wednesday remainsconcerned that it happened in the first place.

"I don't think they're taking it seriously enough," said Derek Bowen, who was able to see another customer's information.

Bowen, who is from Nanaimo, B.C., worries the problemcould have lasted longer than the airline believes, and fears he and his wife's data could have been exposed.

"I think WestJetneeds to be more transparent as to what happened," said Bowen, adding he reported the issue via Twitterbut hadyet to receive asubstantial followup by Thursday morning.

Bowen saidhe plans on removing the credit card he keeps on file,as well as his Nexus card. He will also change his password.

A spokesperson for the Office of the Privacy Commissioner of Canada said Friday that it had not received any complaints about the incident.

However, he said the office is "aware of the matter" and hasbeen in communication with WestJetto obtain more information and determine next steps.

Don't savecredit card infoonline: cybersecurity expert

Changing your password regularly should be standard practice as an online consumer,saidJohn Zabiuk, chair of NAIT's cybersecurity program in Edmonton.

Zabiuk suspects WestJet'sissue had something to do with session IDs, theunique connection code created when a computer or device connects to a server.

WestJet said the problem occurred Wednesday "as a result of an internal technology change," in their online statement.

Zabiuk saidit's a "tough situation" for customers who want to avoid situations like this astransportation booking sites often require personal information and documents to complete purchases.

Simple stepshe recommends are to frequently change passwords, makesure a password is strong (and not easy to guess), not usethe same password across multiples accounts and to never savecredit card information online.