Seattle-Tacoma International Airport officials confirmed Sunday that an apparent cyberattack took down websites, email and phone services at the airport and Port of Seattle this weekend, disrupting travel plans.
The outages were first reported Saturday morning and stretched into Sunday afternoon, with officials offering no timeline for when normal operations would be restored.
A spokesperson for Alaska Airlines said staff was manually sorting over 7,000 bags, because “a majority” of checked bags missed their flights this weekend.
“We believe this was a cyberattack,” said Lance Lyttle, managing director of aviation for Sea-Tac Airport, at a news conference Sunday afternoon.
The FBI’s Seattle field office said Sunday that federal agents were “aware of the incident and working with our partners to determine what happened.”
Lyttle confirmed the airport was “working with federal partners,” but said he could not disclose which agencies were involved. He also could not say what the intentions of the cyberattack were or if any personal data had been compromised.
Security operations at Sea-Tac continued despite the apparent attack, with 72,000 people flying out of Sea-Tac on Sunday, said Greg Hawko, Washington state’s federal TSA security director.
“We’ve continued to provide the world-class security that TSA provides every day,” Hawko said. “All checked bags and all passengers were screened with our robust security procedures. Our nearly 1,000 TSA officers here at Seattle airport continue to provide the highest level of security.”
While most flights remained on schedule, baggage sorting systems were disrupted, as well as some terminal screens. Port of Seattle spokespeople advised travelers to arrive at the airport early, pack light and keep essential belongings in their carry-on luggage.
Delta Air Lines and Alaska Airlines, which both use Sea-Tac as a hub, said their flight schedules were not interrupted. America Airlines also said it was not disrupted.
However, airlines that use the airport’s “common use gates” have had to handwrite boarding passes and manually search bags.
Many international airlines, as well as Frontier, Spirit and WestJet, use the common gates, a spokesperson for the airport said.
“We have had airline staff doing things like handwriting boarding passes and sorting bags manually,” Lyttle said. He added that everyone was “working towards the goal of keeping the airport operating.”
A spokesperson for Sun Country Airlines noted delays of more than two hours. Two Sun Country flights were affected Saturday and three on Sunday.
The incident comes on the heels of another in July that cybersecurity company Crowdstrike said resulted from a problem with an otherwise routine software update. That mass internet outage grounded flights and disrupted business operations nationwide.
Nearly a decade ago, the Government Accountability Office pointed to the increasing vulnerability of airline operations to cyberattacks, given the increasing interconnectedness and dependence between industry operations and the internet.
“Significant security-control weaknesses remain that threaten the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system. FAA has agreed to address these weaknesses,” the report stated.
While advances have been made since, Federal Aviation Administration Chief Counsel Marc Nichols said in a speech in May 2023 that we “can reasonably anticipate the type and number of threats will continue to increase, as will the diversity of malicious actors.”
Cyberattacks have affected other basic services in Seattle in recent months, including a malware attack on the Seattle Public Library in May, which the library system was still recovering from this month. A February hack at Change Healthcare impacted several Washington hospitals.