Canadian media are reporting that one of the country’s top airlines, WestJet, has had a customer data breach. WestJet app users say they were able to see personal details and account information associated with complete strangers.
Erfan Shadabi, cybersecurity expert with data security specialists comforte AG, said: “The reported data security incident involving WestJet Airlines underscores just how much personal data outside of payment information that the travel industry collects from their customers. Airline apps are hugely popular, and members provide quite a bit of personal data about who they are and what their personal preferences happen to be in order to check in faster, log and store their travel details, and collect valuable loyalty points. This incident calls into question just how secure all that personal and potentially sensitive data really is. A business in any industry which offers up a customer app needs to take data privacy and security very seriously. The first thought is to ensure that any housed data is walled off and secure. But what happens if a breach occurs (even one involving a third-party partner) and that data falls into the wrong hands? Only data-centric security methods can protect against that type of situation. Data-centric security protects the data itself instead of the “walls” around it using technologies such as tokenization or format-preserving encryption. If companies adopt a data-centric strategy, then they won’t have to worry about their customers’ private information no matter where it travels. Unfortunately, this doesn’t seem to be the case in this incident. That doesn’t mean other businesses can’t learn from the situation.”