WestJet Data Breach
In other cybersecurity news …
Imagine logging onto an airline’s app and seeing other passengers’ personal information, such as phone numbers, home addresses, dates of birth, flight voucher details and the last four digits of their credit cards.
That’s reportedly what’s happened at Canadian airline WestJet. The airline told CBC it’s investigating after a “technical issue” with the app caused the customer data breach. The airline said the issue was resolved in less than an hour.
Erfan Shadabi is head of marketing at Comforte AG. He said the reported data security incident underscores just how much personal data outside of payment information the travel industry collects from their customers.
“Airline apps are hugely popular, and members provide quite a bit of personal data about who they are and what their personal preferences happen to be in order to check in faster, log and store their travel details, and collect valuable loyalty points,” he said. “This incident calls into question just how secure all that personal and potentially sensitive data really is.”
A business in any industry that offers a customer app needs to take data privacy and security very seriously, Shadabi said.
“The first thought is to ensure that any housed data is walled off and secure,” he said. “But what happens if a breach occurs (even one involving a third-party partner) and that data falls into the wrong hands? Only data-centric security methods can protect against that type of situation. Data-centric security protects the data itself instead of the walls around it using technologies such as tokenization or format-preserving encryption. If companies adopt a data-centric strategy, then they won’t have to worry about their customers’ private information no matter where it travels. Unfortunately, this doesn’t seem to be the case in this incident. That doesn’t mean other businesses can’t learn from the situation.”
