Cybercriminals increasingly use passports and IDs for synthetic identity theft, a crime experts warn is likely to surge in 2026
LOS ANGELES – Incogni, a leading personal data removal and privacy company, today highlighted the escalating risks facing travelers across North America following WestJet’s disclosure that a June cyberattack compromised passenger data – including passports and government-issued IDs.
WestJet, one of the region’s largest airlines, operates a fleet of 153 aircraft across 104 destinations and carries more than 25 million passengers annually. The company confirmed in notices sent to customers and regulators that attackers gained unauthorized access to highly sensitive information, which may include:
- Full names, dates of birth, and mailing addresses
- Travel documents including passports or government-issued IDs
- Travel records, accommodations, and complaint filings
- WestJet Rewards Member IDs and point balances
- WestJet RBC Mastercard details (excluding CVV, expiry dates, and passwords)
While no payment card numbers were exposed, Incogni warns that passport and ID leaks pose a much more severe, long-term identity theft risk. Unlike credit cards, travel documents are difficult to replace and can be exploited for years in synthetic identity fraud, fake travel documents, and impersonation scams.
Identity theft on the rise
According to Incogni’s recent Analysis of Cybercrime and Fraud Statistics:
- Identity theft is the most reported type of cybercrime for the last five years.
- Experts estimate identity theft occurs every 22 seconds in the U.S. alone.
- 47% of document fraud cases now target passports or national IDs.
- Identity theft victims lose an average of $1,160 each, with damages exceeding $16 billion annually.
“Individuals and organizations need to better protect, and whenever possible by any means necessary not share, sensitive data in an era where it is now being used not just being stolen by cybercriminals and nation states but also by legitimate organizations that are using it for their own purposes to manipulate specific outcomes.” – Ron Zayas, CEO of Incogni
What travelers should do now
Incogni recommends that those impacted by the breach – and travelers across North America – take proactive steps to protect themselves:
- Enroll in identity theft monitoring if offered (WestJet is providing two years of free coverage).
- Report suspicious calls and phishing attempts to national anti-fraud hotlines (e.g., the Canadian Anti-Fraud Centre at 1-888-495-8501, or the FTC in the U.S.).
- Use strong, unique passwords and enable multi-factor authentication on all online accounts.
- Remove personal information from data broker and people-search sites, cutting off one of the easiest shortcuts for scammers.
About Incogni
Incogni helps individuals take back control of their personal data by removing information from data brokers, people-search sites, and third-party databases. By reducing the amount of personal data available online, Incogni lowers the risk of scams, spam, and identity theft. Trusted by thousands across North America and Europe, Incogni provides a simple, user-friendly way to minimize digital exposure.
