Port of Seattle says 90,000 people impacted in 2024 ransomware attack

About 90,000 people had information accessed by ransomware hackers who breached the systems of the Port of Seattle last year.

The organization — which runs Seattle-Tacoma International Airport, several parks, container terminals and more — said it is sending breach notification letters to those affected, including about 71,000 people in Washington state.

“The threat actors accessed and downloaded some personal information from previously used Port systems for employee, contractor, and parking data. The Port holds very little information about airport or maritime passengers, and systems processing payments were not affected,” officials said in a notice on Thursday. 

Those impacted had some combination of names, dates of birth, Social Security numbers, driver’s licenses, ID cards and some medical information stolen. Victims will receive one year of free credit monitoring services.

The port also posted the breach notice online for those who did not have an available mailing address.

The August 24 incident, which took place ahead of the Labor Day holiday, severely damaged the systems used by the city’s port and airport, forcing workers to take extraordinary measures to help travelers. The ransomware attack knocked out the airport’s Wi-Fi and employees had to use dry-erase boards for flight and baggage information.

Screens throughout the facility were down and some airlines have had to manually sort through bags. A post-mortem said the encryptions and the resulting system disconnections took down port services like “baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the Port of Seattle website, the flySEA app, and reserved parking.”

In the message on Thursday, the port said the ransomware attack did not affect “the proprietary systems of major airline and cruise partners” and the hackers did not access “the systems of federal partners like the Federal Aviation Administration, Transportation Security Administration, and U.S. Customs and Border Protection.”

The hackers, later identified as being part of the Rhysida ransomware gang, were only able to break into legacy systems used for employee data. 

In September, port officials confirmed that they refused to pay a ransom, with executive director Steve Metruck explaining that “paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars.”