Seattle-Tacoma Intl Airport cyberattack triggers handwritten boarding passes


Handwritten boarding passes are being issued to travelers flying out of Seattle-Tacoma International Airport (SEA), which is still struggling to recover from a massive cyberattack over the weekend.

The cyberattack – which has not officially been confirmed – caused a systemwide outage throughout the busy West Coast hub beginning on Saturday, August 24th, around 4:30 p.m. PT, according to an interim website under the Washington Public Ports Association.

Airport officials say The Port has been able to “isolate critical systems and is in the process of working to restore full service with the assistance of industry experts.”

ADVERTISEMENT

Sea-Tac said it is working to help impacted travelers, but is unable to estimate when systems and services would be restored.

Seattle-Tacoma Intl Airport cyberattack notice
www.washingtonports.org. Image by Cybernews.

The Washington state airport hosts major carriers Alaskan Airlines and Delta Air Lines (which suffered its own catastrophic outage during last month’s CrowdStrike/Microsoft Windows update debacle), but it appears its smaller carriers, Frontier, Spirit, Sun Country, JetBlue, and International Airlines, have been specifically affected.

The facility typically handles about 1400 flights a day between arrivals and departures, yet SEA Director Lance Lyttle told media on Sunday that “even with the current challenges that we’re facing right now,” the airport had only experienced “four cancellations” since the incident began.

Furthermore, Alaska Airlines said it was “manually sorting over 7,000 bags because a majority’ of checked luggage missed their flights over the weekend,” reported the Seattle Times.

Critical infrastructure attacks have lasting effects

Nick Tausek, Lead Security Automation Architect at Swimlane sais that the Port of Seattle cyberattack serves as a stark reminder of the vulnerabilities within critical infrastructure.

“Airports, which serve as vital hubs in the global transportation network, specifically with Sea-Tac as the busiest airport in the Pacific Northwest region, are increasingly attractive targets for cybercriminals,” he said.

ADVERTISEMENT

What’s more, Tausek explained that threats to “shipping ports, airports, and other physical infrastructure not only create a nightmare for travelers but also emphasize the fragility of many of these interconnected systems and cause lasting supply chain issues.”

With its website completely incapacitated, Sea-Tac announced on Tuesday it was making some progress on “getting elements” of the baggage system up and running by “implementing a variety of methods to ensure bags reach their aircraft.”

Since the attack, airlines have asked passengers to pack using carry-on luggage only and have warned travelers to arrive extra early and plan ahead for long queues.

The airport's entire ticketing system and all self-serve kiosks are completely out, leading to some airline partners to use “manual bag tags and boarding passes,” Sea-Tac officials announced on Sunday.

Travelers are being urged to print their tickets at home or load them on their mobile phones and are reminded to check for flight updates as well before leaving for the airport as all flight display boards are also down.

SEA provided a list of unavailable services, which include:

  • WiFi
  • Port of Seattle website
  • flySEA app unless downloaded previous to 8/24/2024.
  • SEA Visitor Pass
  • Lost and Found
  • Electronic displays
  • TSA wait times

The Port of Seattle Maritime Facilities phone systems were down as a part of the system outage, although cruise ships are still operating as scheduled, while the airport’s parking app and interactive online map are also still working, officials reported.

ADVERTISEMENT

Nefarious characters found aboard Sea-Tac systems

Sea-Tac is currently working with federal agencies, including the FBI, Homeland Security, and the Transportation Security Administration (TSA), according to Airport spokesperson Perry Cooper.

Cooper also revealed that the agencies had seen “some nefarious characters, that may have been in our system early in the morning on Saturday,” leading IT teams to “turn off our entire system to avoid anything further.”

Tausek noted that in March of 2023, "TSA issued regulations for airports and aircraft operators requiring pre-approved implementation plans for increased security measures."

However, Tausek also pointed out that the aviation and shipping industry remains complex and interconnected.

“Cybersecurity must be prioritized as a core component of its risk management strategy. In the wake of these threats, airports need to prioritize cybersecurity measures to not only safeguard critical data and public safety but to ensure the operational efficiency of these systems," he said.

SEA said the facility is bracing for an expected and very busy Labor Day holiday weekend starting this Thursday August 28th through Monday, September 2nd.

Attacks on the aviation industry have become a regular occurrence in recent years. In January, global aviation leasing giant AerCap was hit, as well as Kenya Airways.

ADVERTISEMENT

In 2023, the sector saw attacks on Air Canada, claimed by the BianLian ransomware gang, Boeing by the LockBit gang, and Japan Aviation Electronics by ALPHV/BlackCat.

No cybercriminal group has come forward to claim responsibility for an attack on the Seattle Tacoma Airport so far.