Cyber Incident Victim: Port of Longview
Date: Feb 2018
Location: United States of America
Summary
The Port of Longview experienced a significant cyberattack potentially compromising data belonging to hundreds of current and former employees as well as dozens of vendors. The FBI notified the organization of the breach, though classified details limited public disclosure of the investigation's specifics. Forensic analysis traced the attack's origins to internet service provider addresses linked to Russia, Liberia, and Kazakhstan. The incident prompted engagement with legal counsel, though this approach drew criticism regarding transparency given the attack's foreign attribution and potential implications for critical infrastructure security.
Description
The Port of Longview in Washington State experienced a significant cyberattack discovered on February 1, 2018, when the FBI notified port officials of the breach. According to an internal memo obtained by The Daily News, the attack potentially compromised the personal information of hundreds of current and former employees along with data from dozens of vendors connected to the port. The FBI declined to share specific details about the intrusion with port leadership, citing classified information related to the investigation. While the exact method of initial compromise remains undisclosed, investigators identified internet service provider addresses linked to Russia, Liberia, and Kazakhstan as the source locations for the malicious activity. Port authorities engaged a law firm to manage the legal aspects of the incident, a decision that limited public disclosure of technical details under attorney-client privilege protections.

The cyberattack disrupted normal port operations, though the specific duration and severity of operational impacts were not quantified in available records. No explicit confirmation exists regarding whether ransomware deployment, data exfiltration, or system destruction occurred during the incident. The port's response focused on coordinating with federal investigators while maintaining confidentiality around forensic findings. Public concern arose regarding the lack of transparency, particularly given the port's critical infrastructure role and the foreign-linked nature of the attack. The incident highlighted tensions between organizational privacy during investigations and public interest in understanding threats to vital transportation assets. No subsequent disclosures clarified whether employee or vendor data was definitively accessed or misused as a result of the breach.
