Fourth consecutive day of airport system disruptions due to cyberattacks in Seattle
In a significant cybersecurity incident, Seattle-Tacoma International Airport and the Port of Seattle fell victim to a ransomware attack by the hacker group Rhysida in August 2024. The attackers seized over 90,000 files of sensitive airport data and posted them on the dark web, demanding a ransom of 100 bitcoin (approximately $6 million at the time).
The attack caused a three-day outage of internet, phone, and other systems at the airport, leading to extended wait times for travelers. Lance Lyttle, aviation managing director at the Port of Seattle, provided a Sunday update, stating that they cannot yet say when the situation will be resolved. Despite the challenges, most flights are departing and arriving as scheduled, with only four cancellations.
Frontier Airlines, Spirit Airlines, Sun Country Airlines, and international carriers that use the airport's common use check-in counters, gates, and kiosks are especially impacted by the ongoing outages. However, security checkpoints and systems at the airport remain unaffected. Cruise ship operations at the Port of Seattle are operating as normal.
The Seattle-Tacoma International Airport is working with outside resources and their robust IT department to handle the situation quickly. The port is conducting an investigation into the cyberattack, with assistance from outside experts, the TSA, and federal agencies. The Seattle-Tacoma International Airport's passenger terminal and airport security systems remain intact.
In addition to the Rhysida attack, the FBI has warned that another cybercriminal group called Scattered Spider has been expanding its targeting to the airline and airport sector, using social engineering tactics to impersonate employees and gain IT help desk access. This group often uses stolen data to extort victims and deploy ransomware.
It is important to note that this incident should not be confused with a separate incident in July 2025 involving Alaska Airlines, which experienced a major IT outage causing nationwide flight ground stops. However, Alaska Airlines confirmed their 2025 outage was not due to a cyberattack but a technical certificate issue affecting multiple systems.
Airport staff and airport personnel are manually handwriting boarding passes and sorting bags, causing delays. Many other services for the Port of Seattle, including the facilities' primary websites, phone, email, Wi-Fi, flight display screens, common use check-in kiosks, and the airport's lost and found, remain offline.
The Department of Homeland Security did not respond to a request for comment. The FBI is aware of the incident but declined to comment further.
In conclusion, the nature of the 2024 cyberattack on Seattle-Tacoma International Airport and the Port of Seattle was a ransomware and data breach attack by the Rhysida hacker group, causing major system outages and extortion attempts. The incident reflects growing ransomware and social engineering threats targeting the aviation sector.
- The current cybersecurity threat landscape in the aviation sector is increasingly worrying, as evident by the recent ransomware attack on Seattle-Tacoma International Airport and the Port of Seattle, and the FBI's warning about another group called Scattered Spider targeting airlines and airports.
- The ransomware attack on Seattle-Tacoma International Airport and the Port of Seattle in August 2024, carried out by the Rhysida hacker group, highlighted the importance of robust cybersecurity measures in the technology-reliant general-news and crime-and-justice sectors.
