WestJet says customer data exposure affected less than 0.05% of customers - Action News
Home WebMail Monday, November 11, 2024, 12:15 AM | Calgary | -0.4°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Calgary

WestJet says customer data exposure affected less than 0.05% of customers

Westjet says thata technical issue thatexposed the personal dataof some of theironline users to other customersaffected only a small number of people, and that they willbe following up with them.

'I don't think they're taking it seriously enough,' says one customer

WestJet says the customer data issue that happened Wednesday arose because of an internal technology change. (Evan Mitsui/CBC)

WestJet saysa technical issue thatexposed the personal dataof some of its online users to other customersaffected only a small number of people, and that staff would be following up with them.

On Wednesday, several people told CBC Newsthey could see profile information of other users which included phone numbers, home addresses, dates of birth, email addresses, WestJet dollar and flight voucher details,and in some cases, the last four digits of a user's credit card number.

WestJet said the issue was identified in the lateafternoon on Wednesdayand was resolved in about a half hour.

Victoria Angus shared screenshots of some of the different users' profiles and personal information she was able to see when she logged into her WestJet app on Wednesday. (Submitted by Victoria Angus)

This mix-up of customer data was on both the WestJet app and online site.

In an updated statement Thursday, the airline company said less than 0.05 per cent of user profiles were affected.WestJetsaidspecific numbers are not publicly available due to the confidentiality of its rewardsprogram.

The airline said the issue arose due to achange in technology.Italso said that information like passwords, credit card numbers and passport details were not exposed.

"We take the privacy of our guests extremely seriously, and wesincerely apologizeto those impacted," WestJet said in a statement.

Derek Bowen, from Nanaimo, B.C., logged into his WestJet account Wednesday only to see two other people's private data. (Submitted by Derek Bowen)

But one WestJet customer who spotted the glitch Wednesday remainsconcerned that it happened in the first place.

"I don't think they're taking it seriously enough," said Derek Bowen, who was able to see another customer's information.

Bowen, who is from Nanaimo, B.C., worries the problemcould have lasted longer than the airline believes, and fears he and his wife's data could have been exposed.

"I think WestJetneeds to be more transparent as to what happened," said Bowen, adding he reported the issue via Twitterbut hadyet to receive asubstantial followup by Thursday morning.

Bowen saidhe plans on removing the credit card he keeps on file,as well as his Nexus card. He will also change his password.

A spokesperson for the Office of the Privacy Commissioner of Canada said Friday that it had not received any complaints about the incident.

However, he said the office is "aware of the matter" and hasbeen in communication with WestJetto obtain more information and determine next steps.

Don't savecredit card infoonline: cybersecurity expert

Changing your password regularly should be standard practice as an online consumer,saidJohn Zabiuk, chair of NAIT's cybersecurity program in Edmonton.

Zabiuk suspects WestJet'sissue had something to do with session IDs, theunique connection code created when a computer or device connects to a server.

A guy with glasses sits at a table with a piece of paper and cell phone on the table
John Zabiuk, a cybersecurity expert at NAIT in Edmonton, says that people should never save their credit card information when creating online customer profiles. (CBC)

WestJet said the problem occurred Wednesday "as a result of an internal technology change," in their online statement.

Zabiuk saidit's a "tough situation" for customers who want to avoid situations like this astransportation booking sites often require personal information and documents to complete purchases.

Simple stepshe recommends are to frequently change passwords, makesure a password is strong (and not easy to guess), not usethe same password across multiples accounts and to never savecredit card information online.