Pierluigi Paganini
April 05, 2025
In August 2024, a cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport. The attack impacted websites and phone systems. According to The Seattle Times, the cyber attack disrupted travel plans.
The Port of Seattle first reported experiencing an internet and web systems outage. According to a message posted on X, the problems impacted some systems at the airport.
In response to the incident, the Port isolated critical systems.
In September 2024, Port of Seattle confirmed that the Rhysida ransomware group was behind the cyberattack. The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are “targets of opportunity.”
“This incident was a “ransomware” attack by the criminal organization known as Rhysida. The efforts our team took to stop the attack on August 24, 2024, appear to have been successful. There has been no new unauthorized activity on Port systems since that day. We remain on heightened alert and are continuously monitoring our systems.” reads the update published by the agency. “It remains safe to travel from Seattle-Tacoma International Airport and use the Port of Seattle’s maritime facilities.”
The Port confirmed that an unauthorized actor accessed and encrypted parts of their computer systems, disrupting key services like baggage handling, check-in kiosks, ticketing, Wi-Fi, and parking. The company also states that it has refused to pay the ransom, for this reason, the ransomware group may publish stolen data.
This week, the Port of Seattle revealed that the ransomware attack impacted 90,000 people. The Port started notifying impacted individuals after their personal information was compromised.
While our response and recovery are still ongoing, we wanted to share updated information about what happened, what we have been doing, and how we are further strengthening our security. It remains safe to travel from SEA and use Port of Seattle maritime facilities.
— Seattle-Tacoma Intl. Airport (@flySEA) September 13, 2024
“The Port has completed its investigation and is sending approximately 90,000 individual notifications to affected individuals with an available mailing address. Approximately 71,000 individuals affected live in Washington state.” reads the notice published by the Port. “Mailed notices will include information on how affected individuals can access free credit monitoring services from the Port. Please visit our cyberattack webpage for additional information.”
Threat actors stole individuals’ information that included some combination of names, dates of birth, Social Security numbers (or last four digits of Social Security number), driver’s license or other government identification card numbers, and some medical information.
“The threat actors accessed and downloaded some personal information from previously used Port systems for employee, contractor, and parking data. The Port holds very little information about airport or maritime passengers, and systems processing payments were not affected.” concludes the notice.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Port of Seattle)
