WestJet said it’s investigating after a “technical issue” with the airline’s app Wednesday afternoon allowed some users to see the personal data of other customers.

Several people told CBC News they could see profile information of other users which included phone numbers, home addresses, dates of birth, email addresses, WestJet dollar and flight voucher details, and in some cases, the last four digits of a user’s credit card number.

In an emailed statement to CBC News, a WestJet spokesperson said at 3:53 pm MT, “a technical issue was identified that impacted guest profiles on the WestJet App.” It added the issue was resolved at 4:27 pm MT.

However, Paul Baines, a WestJet app user who was able to see multiple profiles on the app, said he believes the issue lasted an hour longer than WestJet indicated.

Victoria Angus shared screenshots of some of the different users’ profiles and personal information she was able to see when she logged into her WestJet app on Wednesday. (Submitted by Victoria Angus)

Baines, who is from London, England, is visiting his partner Victoria Angus in Toronto. Angus said she first noticed the issue around 3 p.m. MT when she logged onto her app to check flights to London.

“When I went into my profile, the profile had some random person’s name,” Angus said. She could see the person’s contact information along with some of their credit card information. 

When she went to see her member information, Angus said she saw the personal information of a second person.

“Four or five times this was happening that it was randomly putting in different profile information every time I refreshed the screen.”

Baines said when he looked on the app, in some cases he could see the last four numbers of other users’ credit cards and the name of the credit card company, in addition to other private data.

WestJet apologizes

“There was enough information that if you had a nefarious actor, you could have done damage to people’s data records,” he said.

“This is a very serious data breach with regards to this data being available.”

In its statement, WestJet apologized to guests for the disruption and said it’s investigating the issue.

“We take the privacy of our guests extremely seriously and will continue to provide updates to our guests as required,” WestJet said. 

WestJet did not respond to CBC’s questions about how many people were impacted by the technological glitch and how many users’ personal information was shared.

When Derek Bowen logged into his WestJet app on Wednesday he was able to see the information of two other users, including travel bank details. (Submitted by Derek Bowen)

Other WestJet app users reported similar experiences on Twitter Wednesday afternoon.

Derek Bowen from Nanaimo, B.C., said when he looked on his app, he saw the personal contact information of two other users, as well as their travel banks, rewards banks and what travel vouchers they had available.

“It just shocked me that I could actually get that information,” he said.

Users not satisfied with response

Baines, Angus and Bowen said they immediately reached out to WestJet to report the issue when they discovered it, but were disappointed with the results. 

Angus reached out on social media and got an automated response. She then called the customer service line, where she got little information. 

“They’re like, ‘yes, we’re aware of the the problem. We aren’t IT, so we don’t know what to do. You know, they’re fixing it.’ And that was pretty much it,” she said.

Angus said she pushed back with the airline, asking that someone contact her to let her know if anyone saw her personal information.

“Because if I’m accessing somebody else’s, potentially  somebody’s accessing mine. I want to know how many hits have been on my data.”

Baines tried contacting a technology officer who works for WestJet through LinkedIn. He said he explained the issue to the employee and was told the airline was looking into it.

Meanwhile, Bowen said he sent the airline a direct message on Twitter, but he did not hear back.

“What’s actually struck me is that there’s been no release from WestJet on Twitter or on their websites,” he said.

Baines added: “We’re now in a position of that data that has got out from a secure environment. So do I trust using this company again? I would say my trust in the company has gone down.”

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *