The Port of Seattle has officially confirmed that around 90,000 people had their personal information compromised in a ransomware attack that hit its systems back in August 2024. The breach disrupted critical operations at Seattle-Tacoma International Airport and other port facilities, causing chaos right before the busy Labor Day weekend.

Now, months later, the Port is sending out notification letters and offering free credit monitoring to those affected.

According to officials, the hackers primarily accessed older, legacy systems that held employee, contractor, and parking data. Fortunately, payment systems and sensitive federal or airline networks were not impacted.

While the Port emphasized that public safety and transportation security were never at risk, the attack still caused major operational headaches and led to the exposure of sensitive personal data, from Social Security numbers to medical information.

Why It Matters: This attack on the Port of Seattle is another reminder of how ransomware groups are exploiting outdated infrastructure, hitting public institutions hard and causing widespread disruption. Even though the Port refused to pay the ransom, choosing instead to stand by its principles and protect taxpayer dollars, the incident highlights the growing need for stronger cybersecurity, especially in critical infrastructure that so many people rely on daily.

• Scope of the Breach: 90,000 Individuals Impacted: The Port of Seattle confirmed that about 90,000 people had their personal data stolen, with the vast majority, roughly 71,000, living in Washington state. Most of those affected were current or former Port employees, contractors, or airport staff. The exposed data includes sensitive details like names, birth dates, Social Security numbers, driver’s license numbers, and even some medical information. To help, the Port is offering one year of free credit monitoring and identity theft protection.

• How the Attack Unfolded and Systems Affected: The ransomware attack, carried out by the Rhysida group, struck on August 24, 2024, crippling airport and port operations just ahead of Labor Day. Critical systems like baggage handling, check-in kiosks, Wi-Fi, passenger displays, and even the port’s main website went dark. Staff had to resort to manual methods, including whiteboards for flight information, to keep things running. Thankfully, systems handling passenger payments and federal security networks were left untouched.

• The Ransom Demand and Port’s Firm Stance: Rhysida demanded a hefty $6 million ransom after claiming they stole over 3 terabytes of data. The group even listed the Port of Seattle on its dark web auction site and leaked portions of the stolen data publicly. Despite the pressure, Port leadership refused to pay, saying it would go against their values and commitment to being responsible stewards of public funds. Executive Director Steve Metruck made it clear that giving in to the attackers wasn’t an option.

• Old Systems, New Problems: The hackers gained access specifically through outdated systems that were no longer in primary use but still contained valuable data. These legacy systems stored information for employees, contractors, and parking services. While it’s reassuring that systems tied to airport passengers and cruise lines remained secure, the incident underscores how aging tech environments can be a serious liability.

• What’s Next: The Port has been proactive in reaching out to those affected, even posting the breach notice online for individuals without a valid mailing address. While the immediate damage control is underway with credit monitoring services, the incident likely serves as a wake-up call for modernizing infrastructure and reinforcing cybersecurity defenses. The Port also reassured the public that safe travel through Seattle-Tacoma International Airport and maritime facilities was never compromised.

Go Deeper -> Port of Seattle Says 90,000 People Impacted by Ransomware Attack – SecurityWeek

Port of Seattle says 90,000 people impacted in 2024 ransomware attack – The Record