On Friday, Sept. 13, 2024, the Port of Seattle released additional details about a cyberattack – which turned out to be ransomware – that disrupted its technology systems last month.
The attack, which occurred Aug. 24, 2024, was confirmed to be a ransomware incident perpetrated by the “Rhysida” criminal organization.
The attack led to outages affecting key systems, including baggage handling, check-in kiosks, ticketing, Wi-Fi, passenger display boards, and the Port’s website and app.
According to a statement from the Port of Seattle, swift action was taken to isolate critical systems and prevent further unauthorized access.
“The efforts our team took to stop the attack on August 24, 2024, appear to have been successful. There has been no new unauthorized activity on Port systems since that day,” the statement read.
While the majority of impacted systems have been restored, work continues on some services, including the Port’s external website and internal portals. The Port stressed that it remains safe to travel from Seattle-Tacoma International Airport and use the Port’s maritime facilities.
The attackers demanded a ransom, which the Port has refused to pay. Executive Director Steve Metruck emphasized that paying the ransom would go against the Port’s values.
“From day one, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” Metruck said. “Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars. We continue working with our partners to not just restore our systems but build a more resilient Port for the future. Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”
The Port warned that the attackers might attempt to release stolen data on the dark web. An investigation is underway to determine the extent of the data breach, with an emphasis on whether personal information of employees or passengers was compromised. Impacted individuals will be notified if necessary.
In the meantime, the Port is enhancing its security protocols, including stronger identity management and authentication measures.
“We are committed to using this experience to strengthen our security and operations,” Metruck added.
For additional status information, visit https://www.portseattle.org, as well as Port of Seattle social media channels, including X, Facebook, Instagram, Threads, and YouTube.