Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Data Stolen in Ransomware Attack That Hit Seattle Airport

The Port of Seattle, which operates the SEA Airport, has confirmed that the August outage was the result of a ransomware attack.

Seattle Airport Cyberattack

The Port of Seattle, which operates the Seattle-Tacoma International Airport (SEA Airport), has confirmed that ransomware was used in an August cyberattack that caused days-long outages.

The incident was disclosed on August 24, when the Port announced on X (formerly Twitter) that various services were down after critical systems were isolated in response to a cyberattack.

While the SEA Airport and other facilities remained open, passenger display boards, Wi-Fi, check-in kiosks, ticketing, baggage, and reserved parking were among the affected services, along with the flySEA application and the Port of Seattle website.

On September 13, the Port announced that it had restored most of the affected systems within a week after the attack. While it secured the impacted systems and has found no evidence of additional malicious activity, the Port has yet to bring the external website and internal portals back online.

“Enterprise applications essential to business functions, such as accounts payable services, contract management, phone service, and the public website were affected in the attack. Many of these services have been restored with temporary or workaround solutions, although some key systems remain offline,” the Port said.

It also confirmed that some data was encrypted during the attack, that data was stolen from its systems, and that the Rhysida ransomware gang was responsible for the incident.

“Our investigation of what data the actor took is ongoing, but it does appear that some Port data was obtained by the actor in mid-to-late August. Assessment of the data taken is complex and takes time, but we are committed to these efforts and notifying potentially impacted stakeholders as appropriate,” the Port said.

While the Rhysida group has yet to claim responsibility for the attack, the Port believes that the exfiltrated data could eventually be leaked online, as no ransom was paid.

Advertisement. Scroll to continue reading.

“The Port has refused to pay the ransom demanded, and as a result, the actor may respond by posting data they claim to have stolen on their dark web site,” the Port said.

Related: Healthcare Provider to Pay $65M Settlement Following Ransomware Attack

Related: White House Holds First-Ever Summit on the Ransomware Crisis Plaguing the Nation’s Public Schools

Related: Mailing List Provider WordFly Scrambling to Recover Following Ransomware Attack

Related: Ransomware Attack a Nail in the Coffin as Lincoln College Closes After 157 Years

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.