The Port of Seattle has disclosed that a ransomware attack that hit its systems in August 2024 compromised the personal data of 90,000 individuals—primarily employees and contractors tied to its operations.
The cyberattack, which occurred on August 24, forced the Port to take critical systems offline, affecting major facilities like the Seattle-Tacoma International Airport (SEA Airport), Fishermen’s Terminal, and public marinas. In the aftermath, it was confirmed that a ransomware group known as Rhysida was behind the intrusion.
By mid-September, officials acknowledged that Rhysida demanded a $6 million ransom—a payment the Port refused to make. Shortly afterward, the hackers listed the Port on their dark web site and claimed to have stolen over 3 terabytes of sensitive data, offering it up for auction. Some of the stolen data has already been leaked online.
What Data Was Exposed in the Ransomware Breach?
On April 3, the Port confirmed that the stolen data included highly sensitive information. Among the compromised details were:
- Full names
- Dates of birth
- Social Security numbers
- Driver’s license and government-issued ID numbers
- Medical information
Most of this information came from legacy systems primarily used for managing employee, contractor, and parking records. According to the Port, these systems did not include data from airport or maritime passengers, and no payment processing systems were impacted.
Who Was Affected by the Seattle Ransomware Attack?
Out of the 90,000 individuals affected, the majority are current and former Port employees and contractors, with around 71,000 residing in Washington state. The Port emphasized that systems operated by airlines, cruise lines, and federal partners were not compromised in the breach.
Despite the severity of the data theft, transportation and maritime services remained operational and safe. The incident did not disrupt the ability to travel through Seattle-Tacoma International Airport or access the Port’s maritime facilities.
Port of Seattle Responds with Support for Victims
In response to the breach, the Port is offering one year of free credit monitoring and identity theft protection to everyone affected. This move is aimed at helping victims mitigate the risk of fraud and monitor any misuse of their data.
The Port continues to work with cybersecurity experts and law enforcement to assess the full impact of the breach and tighten its digital defenses. The incident also underscores the growing threat of ransomware attacks targeting critical infrastructure and government entities across the U.S.