
The Port of Seattle, a key U.S. government agency managing the city's bustling seaport and Seattle-Tacoma International Airport, has confirmed that approximately 90,000 people have been impacted by the August 2024 data breach.
An investigation following the attack revealed that sensitive information, such as combinations of names, birth dates, Social Security numbers, driver’s license details, IDs, and some medical data, was stolen. Of the 90,000 affected, an estimated 71,000 are Washington state residents.
The Port’s announcement stated that the threat actors exfiltrated personal information primarily from legacy Port systems used for employee, contractor, and parking data.
However, payment processing systems were not affected, and the Port stated it stores little airport or maritime passenger data. The Port assured the public that systems handling passenger payments and operations for federal partners like the FAA and TSA remained secure and unaffected.
The cyberattack was attributed to the Rhysida ransomware group and caused significant disruptions to IT systems at Seattle-Tacoma International Airport, affecting flight reservations, passenger display boards, and the Port's website.
Despite the attackers' demands, the Port of Seattle refused to pay the ransom, acknowledging the risk of stolen data being exposed on dark web platforms.
On April 3, 2025, the Port began notifying those impacted by the breach, providing information about the compromised data as well as resources for protection and monitoring.
Rhysida, a ransomware-as-a-service (RaaS) group, first surfaced in 2023 and has quickly gained notoriety for targeting various organizations worldwide, including the British Library and the Chilean Army. The group’s attacks have frequently resulted in the theft and publication of sensitive data.