The Port of Seattle, a US government agency, has confirmed a data breach affecting approximately 90,000 people following an August 2024 ransomware attack. The breach exposed sensitive personal information, highlighting the significant risks associated with ransomware incidents for large organizations.
The Ransomware Attack and its Aftermath
The Port of Seattle initially disclosed the attack on August 24th, 2024, reporting widespread service disruptions. These disruptions impacted various systems, including reservation check-in, passenger displays, the Port’s website, and the flySEA app. Flight delays at Seattle-Tacoma International Airport also resulted from the attack.
Three weeks later, the Port identified the Rhysida ransomware operation as the perpetrator. Despite threats to publish stolen data, the Port refused to pay the ransom. On September 13th, 2024, the Port stated:
“We have refused to pay the ransom demanded, and as a result, the actor may respond by posting data they claim to have stolen on their darkweb site. Our investigation of what data the actor took is ongoing, but it does appear that some Port data was obtained by the actor in mid-to-late August. Assessment of the data taken is complex and takes time.”
The Extent of the Data Breach
The Port added this week: “At no point did this incident affect the ability to safely travel to or from SEA Airport or use the Port’s maritime facilities. The proprietary systems of major airline and cruise partners were not affected, nor were the systems of federal partners like the Federal Aviation Administration, Transportation Security Administration, and U.S. Customs and Border Protection.”
Notification letters were sent to approximately 90,000 individuals, with 71,000 residing in Washington state. The stolen data included employee, contractor, and parking data, potentially containing names, dates of birth, Social Security numbers (or partial numbers), driver’s license information, and some medical information. The Port emphasized that passenger data and payment systems remained unaffected.
Rhysida Ransomware: A Growing Threat
Rhysida, a ransomware-as-a-service (RaaS) operation, emerged in May 2023. Its past victims include the British Library, the Chilean Army, the City of Columbus, Ohio, Sony subsidiary Insomniac Games, and MarineMax. The scale of Rhysida’s operations underscores the increasing sophistication and impact of ransomware attacks on organizations of all sizes.
