Port of Seattle Still Disrupted After Suspected Cyberattack

• Port of Seattle’s systems were downed by technical issues on Saturday, which included internet connectivity issues.
• Seattle-Tacoma International Airport’s operations were impacted, and the restoration process is still ongoing.
• All signs point to a cyberattack, but company representatives did not mention the possibility of a ransomware attack yet.

The Port of Seattle has been experiencing significant disruptions since the morning of August 24 due to a suspected cyberattack that impacted the internet, phones, email, and other systems and impaired various Seattle-Tacoma International Airport (SEA) operations, which Port of Seattle oversees.

IT teams isolated critical systems shortly after that to prevent further damage from the potential attack, which did not impact flights or security checkpoints.

A Tuesday report said the SEA is making progress in restoring the baggage system's previously impacted elements, prioritizing the restoration of core functionalities, flight information displays, and internet connectivity.

SEA posted on X on Thursday that the Port’s corporate and maritime divisions will help assist travelers during the system outage. No other details were given about this outage being a ransomware attack, but an investigation is ongoing.

In July, a problematic CrowdStrike update impacted Windows clients and servers, grounding planes and causing major disruptions across all sectors. It caused 8.5 million Windows machines worldwide to crash with a Blue Screen of Death (BSOD) and get stuck in reboot loops.

In recent news, Idaho-based medical center Kootenai Health disclosed a data breach impacting several subsidiaries, filing a report with the Office of the Maine Attorney General. As a result, the personal information of 464,088 patients was stolen and leaked by the ThreeAM ransomware gang. 

American not-for-profit credit union Patelco was hit by a ransomware attack that started on May 23 and culminated on June 29, exposing the sensitive information of 726,000 customers. The RansomHub ransomware attack led to the gang leaking the stolen data on its extortion portal.