The Port of Longview was recently victimized by a cyber attack that may have affected hundreds of past and current employees and dozens of vendors.
The FBI notified the port of the attack on Feb. 1, according to an internal memo obtained Monday by The Daily News.
However, the FBI told the port additional details about the attack are “classified,” according to the memo. The date on the the FBI’s initial report on the attack was Jan. 18, 2018, the memo said.
An investigation led by SecureWorks, the port’s cybersecurity firm, found the attack had the potential to affect 370 past and current employees — including past Port of Kalama employees — and 47 vendors. (The Port of Longview used to manage Port of Kalama employees’ benefits.) The attack may also have affected 22 longshoremen, the memo said.
Investigators traced the attack to internet service provider addresses in Russia, Liberia and Kazakhstan, according to the memo.
“The port has no indication that personal information was compromised,” port spokeswoman Brooke Hendrickson said in a prepared statement to The Daily News.
The port is mailing notification letters to potentially affected individuals and companies on Tuesday, Hendrickson said. In addition, internal staff and 14 affected longshoremen have already been verbally notified, she said.
“As you can imagine, this process was time- and labor-intensive, but we wanted to be certain about who may have been affected and what information about them was involved,” Hendrickson said, explaining why the port didn’t immediately notify potential victims. “We are notifying individuals as quickly as possible after we completed our investigation.”
Reached by phone Monday afternoon, the president of the local longshore union said he was unaware of the attack.
“This is the first I’ve heard of it,” said Billy Roberts, president of the Longview-based International Longshore and Warehouse Union 21.
Mark Wilson, the Port of Kalama’s executive director, declined to comment.
Hendrickson said the port’s main investigation is complete, but port officials still are waiting to receive a final report.
As a precaution, the port is providing one year of credit and identity theft monitoring for potentially affected individuals.
After notifying SecureWorks about a potential security breach, the company’s cybersecurity experts developed a plan that included reviewing all server logs, other logs and data available, according to the memo. The company also installed network scanning software.
The intruder’s motive was unclear, according to the memo.
The investigation found that a number of servers were compromised, but it could not definitely determine whether any data or information was taken. As a result, investigators assumed that data was stolen, the memo said.
The investigation was able to confirm that two administrator accounts were hacked.
The port’s cyber insurance carrier, Beasley, also required the port to engage the Baker Hostetler law firm in a three-way contract to preserve attorney-client privilege, the memo said.
Baker Hostetler, which has a relationship with the FBI, shared the IP address and malware information with the agency’s officials, but did not receive any information in return, the memo said.
The port has cybersecurity insurance and notified its broker on Feb. 5, according to the memo.
Estimated costs to the port are roughly $60,000, the memo said.
It was not immediately clear Monday when the port expects to receive a final report on the attack.