Members of the U.S. Senate Committee on Commerce, Science, & Technology, chaired by Sen. Maria Cantwell, D-Wash., pressed officials from Seattle-Tacoma International Airport Wednesday about last month’s cyberattack that disrupted travel for a week.
“Our aviation industry is under constant threat from cyberattacks, up 74% since 2020,” Cantwell said.
“Last month, Seattle-Tacoma International Airport was hit by a ransomware attack forcing airport leaders to shut down systems that run everything,” said Cantwell, noting she passed through the airport during the chaos to find all display boards down, meaning she was unsure which gate she should go to for her flight.
The Aug. 24 attack was confirmed to be a ransomware incident perpetrated by the “Rhysida,” a Russian-based ransomware-as-a-service operation that allows criminals to use the platform to extort victims
The attack led to outages affecting key systems, including baggage handling, check-in kiosks, ticketing, Wi-Fi, passenger display boards, and the Port of Seattle’s website and app. Maritime operations run by the Port of Seattle were also impacted.
According to a statement from the Port of Seattle, swift action was taken to isolate critical systems and prevent further unauthorized access. However, during Wednesday’s congressional hearing, Sea-Tac’s airport’s Managing Director Lance Lyttle told committee members that while they did everything to protect compromised data, the infiltrators were able to gain access to personal identification information.
“Our team was able to bring the majority of impacted systems back online within a week,” Lyttle said. “The threat actor was able to encrypt some of our computer systems and copy some data. The matter is under criminal investigation by the FBI.”
He added, “Rhysida demanded a ransom, but we did not pay it.
“On Monday, they [Rhysida] posted on their dark website a copy of eight files stolen from port systems and are seeking ransom to buy the data,” Lyttle explained. “We are currently reviewing the files published on the leaked site as well as others we believe were copied.”
He went on to say, “We will identify any individual whose personal information has been compromised and provide appropriate support.”
Lyttle did not say how many individuals’ private data was stolen or whether that information was entirely the port and airline employees’ or potentially passengers’.
John Breyault, vice president of Public Policy, Telecommunications, and Fraud with the National Consumers League, urged committee members to consider the harm to passengers caused by these incidents.
“Flights are delayed or canceled, personal information is compromised, and families can find themselves stranded for days,” said Breyault, who shared the story of one family stranded in Seattle for days due to last month’s cyberattack on Sea-Tac airport.
The family ended up spending $7,500 on new flights and accommodations.
Breyault also raised concerns about security surrounding airline reward programs.
“The value of unused miles sitting in customers rewards accounts is staggering,” he said. “According to one estimate, the top five U.S. airline loyalty programs ended 2020 with a combined balance of $27.5 billion in unused miles.”
He continued: “Stolen airline miles fuel a thriving market on the dark web where crooks redeem stolen miles for gift cards or by purchasing airline tickets,”
Breyault urged committee members to work with airlines to require more account security to protect passengers.
Retired U.S. Air Force Brig. Gen Marty Reynolds, managing director for cybersecurity at Airlines for America, testified that airlines are also burdened by reporting requirements and regulations.
“Does it help or make it harder for the airlines?” asked Sen. Shelley Moore Capito, R-West Virginia, who said she was aware that airlines are required to report to 10 different agencies with 10 different timelines and have other reporting requirements as well. “Is it burdensome and less efficient?”
“All of the above, ma’am,” Reynolds answered.
