The Port of Seattle and Seattle-Tacoma International Airport (Sea-Tac) were victims of a possible cyberattack over the weekend, causing significant disruptions to their websites, email services, and phone systems. The incident, which began on Saturday morning, affected thousands of travelers and airport operations.
Lance Lyttle, Aviation Managing Director, confirmed the attack, stating, “We are conducting a thorough investigation with assistance of outside experts. We have contacted and are working closely with federal partners, including TSA and Customs and Border Protection”. The FBI’s Seattle field office acknowledged awareness of the incident and is working to determine the cause.
Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot
The cyberattack particularly impacted international travelers, as their information had to be entered manually for check-ins. Airport officials encouraged passengers to use airline apps for boarding passes and bag tags and to allow extra time to reach their gates. Despite the outages, TSA security operations remained unaffected.
“The Port isolated critical systems and is in the process of working to restore full service with the assistance of industry experts. There is currently no estimated time for return,” Seattle added.
“International travelers should give themselves extra time if coming to SEA. Some of our airline partners are currently providing manual bag tags and boarding passes,” Seattle-Tacoma Airport Authorities said.
They are also running a temporary website to post updates.
As of Sunday afternoon, Port of Seattle’s public-facing web infrastructure, including its website, was still largely offline. The airport reported progress in restoring systems but could not provide an estimated time for full-service resumption, reads Seattle incident report.
The incident resulted in flight delays and baggage handling issues. According to FlightAware, 247 flights were delayed, and six were canceled by Saturday evening. Alaska Airlines reported manually sorting over 7,000 bags due to the disruption.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial