New information has emerged regarding the August 2024 Port of Seattle ransomware attack. Around 90,000 customers are being notified by the U.S government agency overseeing Seattle’s seaport, and airport that their personal information was stolen in the ransomware attack. The Port of Seattle and Seattle-Tacoma International Airport (Sea-Tac) were victim of a cyberattack on August 24 when an unauthorized activity was detected on their systems later resulting in the disruption of multiple services and systems, including passenger display boards, reservation check-in systems, concerned website and app, and delayed flights at Seattle-Tacoma International Airport causing commotion and inconvenience to the passengers.
The agency officially confirmed Rhysida ransomware operation to be behind the attack three weeks after the initial disclosure. Rhysida surfaced in May 2023 and was in limelight for its breaches including the British Library, the Chilean Army (Ejército de Chile), the City of Columbus, Ohio, Sony subsidiary Insomniac Games, and MarineMax (the world’s largest recreational boat and yacht retailer). In Aug 2023 its affiliates were responsible for the Singing River Health System breach, stealing the personal and health information of almost 900,000 people.
On September 13, 2024, Port of Seattle stated that they have refused to give in to the demand of the threat actors and that the hackers may leak the claimed stolen data on dark web.
On Thursday, April 3, 2025, the Port announced that notification letters were being sent to approximately 90,000 individuals who were impacted by the data breach and had a mailing address. Reportedly the attackers stole information related to employee, contractor, and parking data from port systems (primarily legacy ones) which may include personal information such as first and last names, dates of birth, Social Security numbers (or last four digits of Social Security number), driver’s license or other government identification card numbers, and medical information. The Port claims to store minimum information on airport or maritime passengers and that the payment processing systems were not impacted by the attack nor were the proprietary systems of the major airline, cruise partners and federal partners. The agency also assured that the incident does not impact the ability to safely travel to and from the SEA Airport or use the Port’s maritime facilities.
