Port of Seattle seaport and airport management company hit with cyberattack, impacts operations
Learn More
The Port of Seattle, which manages both the Seattle seaport and Seattle-Tacoma International Airport (Sea-Tac), was hit by a cyberattack over the weekend of 24th-25th August 2024.
The incident resulted in operational disruptions, forcing parts of the infrastructure offline. The attack primarily impacted the airport’s internet and web systems, leading the Port of Seattle to urge travelers to directly check with airlines regarding flight updates.
Although security operations remain unaffected, the ongoing outages and the measures taken by the port suggest that this could be a ransomware attack. Given the Port of Seattle’s strategic role in regional transportation and trade, any data breach could have severe consequences.
The Port of Seattle’s cybersecurity teams have been working continuously to restore normal operations, though no timeline for resolution has been provided.
Adjacent organizations, including Alaska Airlines and the TSA, have reported no impact on their operations.
Details about specific systems affected, potential exposure of sensitive data, or the number of individuals impacted have not been disclosed.
Update - as of 13th od September 2024, The Port of Seattle confirmed that system outages at Seattle-Tacoma International Airport in August were caused by a ransomware attack by the Rhysida group, which stole data and may release it on the dark web after the port refused to pay the ransom.
As of 16th of September 2024 cybercriminals attempting to extort the Port of Seattle have demanded a ransom of 100 bitcoins (approximately $5.9 million) and posted images of allegedly stolen documents, including a scanned U.S. passport and tax forms containing Social Security numbers. They have threatened to sell the data if the ransom is not paid within seven days.
As of 4th of April 2025, the Port of Seattle has begun notifying approximately 90,000 people that their personal information was compromised in the cyberattack. Officials revealed that cybercriminals accessed and downloaded sensitive data from systems previously used at the Port of Seattle and Seattle-Tacoma International Airport. The compromised information includes:
- Full names
- Dates of birth
- Social Security numbers
- Other government ID numbers
The stolen data involved systems used by employees, contractors, and parking operations.
