HQ/EMEAFind out how we can help your business
The Port of Seattle data breach has impacted approximately 90,000 individuals after a ransomware attack struck the US government agency in August 2024.
The Port, which oversees Seattle’s seaport and Seattle-Tacoma International Airport, confirmed that cybercriminals from the Rhysida ransomware group were behind the incident. Although the breach was initially disclosed on August 24, 2024, further investigations revealed the scale of the data theft, prompting the Port to notify affected individuals in early April 2025.
As a result of the attack, various digital services and systems were disrupted, including the Port’s reservation check-in systems, passenger display boards, the flySEA mobile app, and its official website. Several flights at Seattle-Tacoma International Airport were also delayed due to the IT outage. Despite the severe impact on operational systems, the Port confirmed that safety at the airport and maritime facilities was never compromised.
The Port of Seattle made a decisive move by refusing to pay the ransom demanded by the Rhysida group, even under the threat of stolen data being leaked on dark web platforms. On September 13, 2024, the agency publicly acknowledged the ransomware group’s involvement and explained that assessing the stolen data would take time due to the complexity of the breach. It was later found that the cybercriminals had accessed sensitive personal information in mid-to-late August 2024.
The Port of Seattle data breach compromised various types of information in different combinations.
This information includes names, dates of birth, Social Security numbers or the last four digits, driver’s licence or government ID numbers, and limited medical information. The impacted individuals consist of employees, contractors, and those with parking records. About 71,000 of those affected reside in Washington state.
Officials clarified that payment processing systems were not affected and that the Port does not store significant personal information about travellers. In addition, systems operated by major airline and cruise partners, as well as federal agencies such as the FAA, TSA, and US Customs and Border Protection, remained secure and unaffected.
The Port of Seattle data breach highlights the continuing threat posed by ransomware groups like Rhysida, which have previously targeted high-profile organisations across the globe. The incident also reinforces the importance of robust cybersecurity measures, data handling transparency, and public communication in the wake of cyberattacks.
