Seattle‑Tacoma International Airport (SEA) – ransomware attack, August 24 2024
- What happened.
– On 24 August 2024 the Port of Seattle discovered that systems serving Seattle‑Tacoma International Airport and the adjacent port were experiencing outages consistent with a cyber‑attack. Port officials isolated systems and took some networks offline[1].
– The attack (attributed to the Rhysida ransomware group) crippled the airport’s internet connection, Wi‑Fi, phone systems, flight‑display boards, common‑use check‑in kiosks and baggage conveyor controls[2]. Agents had to hand‑write boarding passes and manually sort baggage, causing long lines and confusion[2].
– Flight reader boards and the airport’s Wi‑Fi service were offline; ticketing and baggage systems were done manually; international tickets were handwritten[3]. Volunteer staff helped move luggage, and more than 400 flights were delayed or cancelled during the peak‑season outage[3].
– According to the Port of Seattle, the attack compromised data stored in some legacy systems. Notices were mailed to ~90 000 people whose names, dates of birth and Social‑Security numbers may have been accessed[1]. The port emphasised that flight operations remained safe[4]. - Effect on travellers. Travellers at SEA airport faced manual check‑in, handwritten boarding passes and baggage delays. The disruption lasted several days and created frustration and confusion[2]. Some passengers also feared identity theft after learning that personal data stored in port systems had been stolen[1].
- Why the risk remains. The Rhysida group demanded a Bitcoin ransom but the port refused to pay. The breach highlighted how interconnected airport and port systems share vulnerabilities. Without robust segmentation and multifactor authentication, future ransomware campaigns could again disrupt SEA. The port has strengthened security but is still rebuilding systems months later[5].
Los Angeles International Airport (LAX) – DDoS attack, 12 Feb 2024
- What happened. On 12 February 2024 the pro‑Russian Dark Strom Team launched a distributed‑denial‑of‑service (DDoS) attack on Los Angeles International Airport. According to cyber‑threat firm Resecurity, the attack flooded the airport’s network with traffic and temporarily knocked the airport’s website and online services offline. Passengers who relied on the website for flight information, parking and bookings were left in disarray until staff restored services[6]. Investigators concluded that the attack targeted public‑facing systems rather than safety‑critical systems.
- Effect on travellers. Because the website and mobile apps were offline, travellers had difficulty obtaining flight schedules, parking information and check‑in services. Airport staff implemented contingency plans and restored services, but the incident exposed how digital‑only services can strand travellers when attacked[6].
- Why the risk remains. LAX is one of the busiest airports in the U.S., making it an attractive target for hacktivists seeking publicity. The February 2024 DDoS attack exploited the airport’s reliance on web‑based services; similar campaigns could recur if DDoS mitigation isn’t continually updated.
Hartsfield‑Jackson Atlanta International Airport (ATL) – DoS attack on website, 28 Mar 2025
- What happened. On 28 March 2025 Atlanta’s Hartsfield‑Jackson airport confirmed a denial‑of‑service (DoS) attack that briefly disrupted its public website. Airport officials told FOX 5 Atlanta that the ATL technology team detected the attack, followed standard protective protocols and restored website access. Flight operations were not affected[7].
- Effect on travellers. Travellers attempting to check flight information or parking services through the website encountered delays. Because the attack targeted only the website and not operational systems, there was no impact on flights or security[7].
- Why the risk remains. Cybersecurity analysts note that DoS attacks are often used by hackers to test defences or create publicity[7]. ATL’s rapid response limited the impact, but major hubs like Atlanta remain attractive targets; without continuous DDoS protection, similar attempts could occur again.
Los Angeles International Airport (LAX) – March 18 2025 hacktivist DDoS (unverified)
- What was reported. The cybersecurity research firm SOCRadar reported that on 18 March 2025 the Dark Storm Team claimed another DDoS attack on LAX, allegedly flooding flight‑information displays, baggage‑handling systems and electronic check‑in terminals[8]. The report said screens went blank, staff managed passenger flows manually and there were visible delays[8]. No data theft or ransom was reported.
- Caution. As of November 2025 there is no confirmation from mainstream news outlets or official airport statements that this attack occurred. While such cyber‑intelligence reports highlight potential threats, travellers should treat the March 18 2025 LAX incident as unverified. Its inclusion here illustrates how rumours of cyber‑attacks can themselves create anxiety among travellers.
- Implications. Whether or not the March 2025 DDoS occurred, LAX remains a high‑profile target. Hacktivist campaigns have demonstrated the ability to disrupt non‑critical systems; a successful attack could cause delays and confusion even without compromising safety‑critical infrastructure.
Harrisburg International Airport (HIA) – public‑address system hack, mid‑Oct 2025
- What happened. Around 14 October 2025 unknown hackers gained access to the public‑address systems at Harrisburg International Airport in Pennsylvania and several Canadian airports. The intruders broadcasted pro‑Palestinian and anti‑Trump messages such as “Free Palestine” and “F*** Netanyahu and Trump,” startling travellers[9]. UpNorthLive later reported that on 16 October 2025 the hack lasted about ten minutes; a Delta flight returned to the gate for a precautionary security sweep and the Transportation Secretary condemned the breach[10].
- Effect on travellers. Travellers heard political messages over the airport loudspeakers and saw similar text on information screens[11]. The messages caused confusion and fear, though no flights were cancelled.
- Why the risk remains. PA and information‑display systems are often less segregated than flight‑control systems. The hack showed that attackers can exploit networked announcement systems to spread propaganda. Unless airports strengthen segmentation and authentication for these systems, hacktivists may repeat such incidents.
Rhode Island Airport Corporation / T.F. Green International Airport (PVD) – email‑account data breach, May 2025
- What happened. The Rhode Island Airport Corporation (RIAC), which operates T.F. Green International Airport, notified 151 individuals that their personal information may have been exposed in a data breach. Yahoo News, citing WPRI, reported that RIAC detected suspicious activity in two employee email accounts on 21 May 2025 and discovered unauthorized access to those accounts on 30 May 2025[12]. The unauthorized access occurred between 14 May and 21 May 2025. The compromised files contained personal data of travellers; RIAC offered five years of credit monitoring and identity protection[12].
- Effect on travellers. While the breach did not affect airport operations, individuals whose data were exposed faced potential identity‑theft risks. RIAC advised them to monitor accounts and credit reports and provided guidance on placing credit freezes[12].
- Why the risk remains. The breach underscores how phishing or credential theft against employees can expose traveller information. Without strict email security and regular monitoring, airports could again experience similar data compromises.
CrowdStrike‑related IT outage (not a cyber‑attack) – 19 July 2024
- What happened. A faulty update from cybersecurity vendor CrowdStrike caused a global IT outage on 19 July 2024 that crippled Windows systems worldwide. Delta Air Lines, whose main hub is Hartsfield‑Jackson Atlanta International Airport, was forced to cancel flights and ground operations. According to Wikipedia’s description of the event, thousands of travellers slept on airport floors, unaccompanied minors were temporarily banned, and days of delays ensued[13].
- Why mention it. Although this incident was not a malicious cyber‑attack, it demonstrates that software glitches can leave travellers stranded just like cyberattacks. The event underscores the need for resilient IT infrastructure and backup procedures at airports.
How travellers can protect themselves
Monitor personal data. After a breach, enroll in any offered credit‑monitoring services and check account statements and credit reports regularly. Use strong, unique passwords and enable multifactor authentication on frequent‑flier accounts.
Stay informed. Follow your airline’s official alerts and check flight status through multiple channels (airline app, text alerts, airport displays). During disruptions, rely on official sources rather than social media rumours.
Allow extra time. During peak seasons or after news of a cyberattack, plan to arrive earlier. Manual check‑in procedures, longer security lines and baggage delays are common after cyber incidents.
Prepare offline backups. Take screenshots or print boarding passes and reservation codes before arriving at the airport. Carry cash or physical credit cards in case electronic payment systems are disrupted.
Tags: Seattle-Tacoma International Airport ransomware attack, cyberattack
