SEATAC, Wash. — The system outages at Seattle-Tacoma International Airport in August were the result of a ransomware attack, the Port of Seattle confirmed Friday.
The criminal organization behind the attack, known as Rhysida, did steal data, according to the port. It's currently unclear what data was stolen, but Rhysida may post it to its dark website after the port refused to pay the ransom demand.
“From day one, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” Steve Metruck, executive director of the Port of Seattle, said in a prepared statement. "Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars."
The port said it is committed to assessing the data and notifying people who may have been impacted. If employee or passenger personal information was obtained, the port said it would inform them.
Travel at Seattle-Tacoma International Airport remains safe, according to the port, which owns and operates the airport.
The Port of Seattle discovered outages consistent with a cyberattack on Aug. 24. The attacker encrypted access to some data. The port disconnected its systems from the internet. The combination of the attack and encryption hindered services including baggage, check-in kiosks, ticketing, WiFi and more.
The majority of the systems were brought back online within a week, according to the port. The airport said its system is fully restored for passengers.
According to the port, steps are being taken to strengthen its digital systems further as they are being restored and rebuilt.
"Thankfully we dodged a bullet, and no lives were affected, maybe inconvenienced for sure," said Emil Sayegh, CEO of Profit Growth Insights. " But we need to take this seriously."