Substitute Notice
The Port of Seattle (the “Port”) today announced that notification letters have been mailed to individuals whose data was impacted in the August 2024 cyberattack.
This website notice is intended to provide the same information included in the notification letters to individuals for whom the Port has insufficient or out-of-date contact information. The Port previously launched a website to report the incident publicly August 24, 2024.
Notice of Data Breach
What happened
On August 24, 2024, the Port identified system outages consistent with a cyberattack. The Port promptly initiated its incident response processes. Our teams isolated critical systems, took certain systems offline, and worked with third-party and federal partners to safely restore and test our systems.
Importantly, at no point did this incident affect the ability to safely travel to or from Seattle-Tacoma International Airport or safely use the Port’s maritime facilities. The proprietary systems of our major airline and cruise partners were not affected, nor were the systems of our federal partners like the Federal Aviation Administration, Transportation Security Administration, and U.S. Customs and Border Protection.
An investigation assisted by cybersecurity and technology experts was initiated to investigate what happened and what data may have been impacted. The impacted data was then reviewed to determine who needed to be notified and the contact information for doing so. The Port also notified law enforcement and worked to add further protections to harden its systems.
What Personal Information Was Involved
The threat actors accessed and downloaded some personal information from Port systems, primarily legacy ones used for employee, contractor and parking data. The Port holds very little information about airport or maritime passengers, and systems processing payments were not affected.
We have determined that around August 24, 2024, the threat actors accessed and downloaded some personal information from the Port networks, mostly for current and former Port and other airport employees and contractors. Within these downloaded files, the Port identified the following personal information that may have been involved for impacted individuals: first and last name, date of birth, Social Security number (or last four digits of Social Security number), driver’s license or other government identification card number, and medical information.
What We Are Doing
Prior to the incident, the Port had a number of security measures in place. As part of the recovery process, the Port implemented additional technical and administrative security controls to further enhance the security of our systems and data.
The Port is notifying individuals whose personal information was affected via mail where available. The Port began sending the first rounds of individual notifications on April 3, 2025. These notifications include an offer of one year of comprehensive credit monitoring and identity theft protection services. Additionally, the notices provide detailed information of these services, along with instructions for registration and contact details for our dedicated call center established to assist with enrollment and to address any inquiries related to the incident.
What you can do
It is always a good idea to remain vigilant against threats of identity theft or fraud and to regularly review and monitor your account statements and credit history for any signs of unauthorized transactions or activity. If you provided your personal information to the Port prior to August 24, 2024, are concerned your information was affected, and you do not receive an email notification by April 17, 2025, please call 1-833-998-8263.
For more information
A dedicated call center is also being set up to answer your questions about this incident. You may call it toll free at 1-833-998-8263, 8:00AM-8:00PM EE, Monday-Friday.
Additional Information for US Residents
INFORMATION ON OBTAINING A FREE CREDIT REPORT
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit reports, visit the Annual Credit Report website or call toll free (877) 322 8228.
INFORMATION ON IMPLEMENTING A FRAUD ALERT OR SECURITY FREEZE
You can contact the three major credit bureaus at the addresses below to place a fraud alert on your credit report. A fraud alert indicates to anyone requesting your credit file that you suspect you are a possible victim of fraud. A fraud alert does not affect your ability to get a loan or credit. Instead, it alerts a business that your personal information might have been compromised and requires that business to verify your identity before issuing you credit. Although this may cause some short delay if you are the one applying for the credit, it might protect against someone else obtaining credit in your name.
A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit, mortgages, employment, housing, or other services. A credit reporting agency may not charge you to place, temporarily lift, or permanently remove a security freeze.
To place a fraud alert or security freeze on your credit report, you must contact the three credit bureaus below:
| Equifax: Consumer Fraud Division P.O. Box 740256 Atlanta, GA 30374 (800) 525-6285 Equifax website |
Experian: Credit Fraud Center P.O. Box 9554 Allen, TX 75013 (888) 397-3742 Experian website |
TransUnion: TransUnion LLC P.O. Box 2000 Chester, PA 19022-2000 (800) 680-7289 TransUnion website |
To request a security freeze, you will need to provide the following information:
- Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security number;
- Date of birth;
- If you have moved in the past five (5) years, the addresses where you have lived over those prior five years;
- Proof of current address such as a current utility bill or telephone bill; and
- A legible photocopy of a government issued identification card (state driver’s license or ID card, military identification, etc.).
You may also contact the U.S. Federal Trade Commission (“FTC”) for further information on fraud alerts, security freezes, and how to protect yourself from identity theft. The FTC can be contacted at 400 7th St. SW, Washington, DC 20024; telephone +1 (877) 382 4357; or the FTC Identify Theft advice page.
This archive of the cyberattack incident communications appeared on The Washington Public Ports Association from August 24-November 22, 2024. The Port website is back online, but this archive is preserved on the site for the historical record.
Early on Saturday, August 24, the Port was made aware of unauthorized activity on our systems. Our teams isolated critical systems and are working with third-party and federal partners to safely restore and test our systems. The investigation is ongoing, and the Port will provide appropriate updates as they become available. If we identify that the actor obtained employee or passenger personal information, we will carry out our responsibilities to inform them.
September 13, 2024, Update on Cyberattack
FOR IMMEDIATE RELEASE
Contact: Perry Cooper | SEA Airport | [email protected]
The Port of Seattle issued the following statement on the cyberattack impacting its systems
SEATTLE — Sept. 13, 2024 — On August 24, 2024, the Port of Seattle identified system outages consistent with a cyberattack. It was a fast-moving situation, and Port staff worked to quickly isolate critical systems. Since that time, Port staff have been working around the clock to ensure that our partners and travelers who use our gateways safely and securely reach their destinations and utilize our facilities. This has included engaging with our forensics specialists and actively supporting law enforcement’s investigation of the attacker. It also has included countless hours by Port staff and volunteers to mitigate the impact of the incident. While our response and recovery are still ongoing, we wanted to share updated information about what happened, what we have been doing, and how we are further strengthening our security.
What Happened
This incident was a “ransomware” attack by the criminal organization known as Rhysida. The efforts our team took to stop the attack on August 24, 2024, appear to have been successful. There has been no new unauthorized activity on Port systems since that day. We remain on heightened alert and are continuously monitoring our systems.
It remains safe to travel from Seattle-Tacoma International Airport and use the Port of Seattle’s maritime facilities.
What Was Affected
Our investigation has determined that the unauthorized actor was able to gain access to certain parts of our computer systems and was able to encrypt access to some data. We took steps to block further activities including disconnecting our systems from the internet, but unfortunately, the encryption and our response actions hindered some port services including baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the Port of Seattle website, the flySEA app, and reserved parking. Our team was able to bring the majority of these systems back online within the week, though work to restore some systems like our external website and internal portals is ongoing. Our current operational status is available at our temporary website, https://www.portseattle.org/.
The Port has refused to pay the ransom demanded, and as a result, the actor may respond by posting data they claim to have stolen on their darkweb site. Our investigation of what data the actor took is ongoing, but it does appear that some Port data was obtained by the actor in mid-to-late August. Assessment of the data taken is complex and takes time, but we are committed to these efforts and notifying potentially impacted stakeholders as appropriate. In particular, if we identify that the actor obtained employee or passenger personal information, we will carry out our responsibilities to inform them.
What We Have Done
“From day one, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” said Steve Metruck, Executive Director of the Port of Seattle. “Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars. We continue working with our partners to not just restore our systems but build a more resilient Port for the future. Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”
How We Are Strengthening Our Security
While restoring and rebuilding systems, we have been taking additional steps to enhance our existing controls and further secure our IT environment, including strengthening our identity management and authentication protocols, as well as enhancing our monitoring.
We recognize the inconvenience this incident has caused, and for that, we apologize. Thank you for your understanding and for your patience during this incident.
The Port of Seattle remains committed to operating our aviation and maritime gateways prioritizing safety, efficiency, and security.
For additional status information visit https://www.portseattle.org, as well as Port of Seattle social media channels, including X, Facebook, Instagram, Threads, and YouTube.
September 11, 2024
Flight and baggage information displays are now showing every airline’s schedule throughout the SEA Airport terminal. Travelers are seeing their normal travel experience at SEA. Wi-Fi is back up, displays are on, and all check-in and ticketing systems are back. We appreciate all of your patience over the last few weeks. We’ll continue providing weekly updates here as our regular website is still waiting to come back online. We still have some internal systems that continue to be worked on. You can see key information options below, and we’ll post any further relevant information as soon as it becomes available.
Port of Seattle Executive Director Steve Metruck provided an update on the systems outage during the September 10, 2024, Port of Seattle Commission meeting.
September 6, 2024, 12:20 P.M.
Your experience at SEA Airport today and in the future should feel pretty normal! Wi-Fi is up and flight and bag information displays are operating for all airlines except United. You’ll get updates once a week in the future unless there are big changes. Thanks for your patience over the last few weeks. And have a great weekend!
September 4, 2024, 4:30 p.m.
More positive milestones for travelers at SEA:
• Public Wi-Fi is back up and running throughout the terminal.
• Common-use check-in kiosks are operating as normal in various locations on the Ticketing Level.
• Flight and baggage information displays are operating with all airlines except United at this time. Please use the United Airlines or other travel apps for that airline’s gate and baggage claim information or check in with green-attired staff for direction.
• Flight and baggage information displays are operating with all airlines except United at this time.
In addition, all common-use check-in kiosks are back operating normally.
September 2, 2024, 12:30 p.m.
Holiday volumes are high and operations are running smoothly at SEA Airport so far today.
Baggage claim and flight information displays are coming back on in a phased approach as our teams complete final testing.
All airlines are listed at this time for baggage claim except for Delta, Virgin Atlantic, Aeromexico, and United. Flight information displays are also coming on with all airline information except for Delta and United. These airlines are finalizing connections to be added soon to both displays.
Volunteers remain on the ground to help travelers. Airline and other travel apps can also be used to track locations for gates and baggage claim arrivals.
Aircraft are departing and arriving as we remain open, and travelers are getting to and from their destinations. Delays are minimal. TSA wait times are minimal as well.
We continue to bring up more common use monitors and systems, most recently in various locations within the S Concourse and D Annex.
September 1, 2024, 12:00 P.M.
Restoration of common use systems continues to progress. Virtually all airlines are back to full service for ticketing and baggage management.
Few flight delays or disruptions are occurring beyond a typical busy holiday volume period. That continues to be the main priority to get passengers to and from their travels safely. TSA wait times are minimal while dining and retail locations are operating normally.
Display boards for flight and bag information are still being worked on in partnership with the airlines. Port staff and volunteers have racked up nearly 4,000 hours supporting customers since Monday.
Monday will be the busiest day for the holiday. Please visit our travel tips to find the best ways to prepare.
August 31, 2024, 11:00 A.M.
More systems continue to return to normal this morning. Nearly all common use airlines systems for flights have returned to international and low volume carriers. Travelers will also see monitors for those carriers at their checkin counters back in operation.
Flight and bag information displays are still down. Teams are making progress for those to return soon. Staff and volunteers in green attire continue to be available at key locations to help travelers with information. Those displays remain as the most apparent disruption to travelers. Aircraft operations have been back to normal and there have been minimal delays in departures and arrival activity.
August 30, 2024, 2:00 P.M.
Today has been a very successful travel day for the start of the Labor Day weekend. The majority of travelers won’t notice disruptions in their experience as high volume carriers are back to normal operations. Flights are arriving and departing as normal with few delays. The recovery process for common use carriers, such as international and low volume, continues as we test and safely restore systems to print bag tags and boarding passes.
Posted August 28, 2024, 10:00 a.m.
Teams continue to work on restoring Port of Seattle systems and are assisting travelers during the current outages. Labor Day travel is expected to be busy at Seattle-Tacoma International Airport (SEA) and the cruise terminals.
Aircraft departures and arrivals continue to operate as normal. The biggest challenge for travelers remains viewing flight and baggage information on display monitors throughout the airport. Those systems are still down; however, you can access the information on airline and travel apps or by asking our team in green.
Reserved Parking and all other garage operations at Seattle-Tacoma International Airport (SEA) are working. Guests can reserve terminal direct parking on the fourth floor at Reserve SEA
Plan to arrive two hours before a domestic flight and three hours before an international flight, or check with your airline for a recommended time of arrival.
Posted August 27, 2024, 11:49 a.m.
Seattle-Tacoma International Airport (SEA) is making progress on restoring the previously impacted elements of the baggage system. Multiple teams have implemented and are using a variety of methods to ensure bags reach their aircraft. Travelers should continue to prioritize carry-on luggage if possible.
If you are traveling today, please check with your airline for flight and baggage information. Plan to arrive two hours before a domestic flight and three hours before an international flight. See below for more information regarding Seattle-Tacoma International Airport (SEA) or Maritime facilities.
Posted August 26, 2024, 11:40 a.m.
SEA Airport continues to experience system outages and is working to restore to full service. Our priority is getting customers where they need to be. To help your travel day, continue to check with your airline and review these tips:
• International travelers are encouraged to arrive early for check in and bag check.
• Standard TSA rules apply through security checkpoints. Follow the 3-1-1 liquids rule to get through quicker.
• Get assistance from our Customer Care team on @flySEA social media and on Customer Care Connect.
The Port of Seattle continues to experience system outages. We’re continuing to work with our partners to resolve this and will provide updates when we know more.
Posted August 25, 2024, 9:45 p.m.
System outages continue at the Port of Seattle, including at SEA Airport. Port teams continue to make progress on returning systems to normal operations, but there is not an estimated time for return. If you are traveling today
• Check in for your flight online before you leave home and use airline apps to get your boarding pass.
• If you do not have to check a bag, stick to just carry-on luggage. Give yourself extra time to get to SEA and to your gate.
• In-terminal screens are experiencing technical issues showing flight information. Please check with your airline for the latest gate information.
Posted August 24, 2024, 3:30 p.m.
The Port of Seattle maritime facilities phone systems are down as part of a system outage. For urgent matters, call:
• Recreational boating at (206) 601-4089 or VHF Channel 17
• Fishermen’s Terminal at (206) 617-4898
• Bell Harbor at (206) 462-9567
• Marine Maintenance at (206) 556-1678
For Terminal 91 operations, call (206) 606-8152. If the call is not answered, leave a voicemail and then call the number again within 5 minutes.
Posted August 24, 2024, 2:30 p.m.
To help get through the airport easier, use airline apps to get your mobile boarding pass for your flight and tag bags online before you get to SEA.
Posted August 24, 1:30 p.m.
Earlier this morning the Port of Seattle experienced certain system outages indicating a possible cyberattack. The Port isolated critical systems and is in the process of working to restore full service and does not have an estimated time for return.
Posted August 24, 9:45 a.m.
The Port of Seattle, including SEA Airport, is experiencing an internet and web systems outage, which is impacting some systems at the airport. Passengers are encouraged to check with their airlines for the latest information for their flights.
Media Briefings
Thank you!
We appreciate everyone’s support and patience during this time.
