After Long Beach was hit with a cyberattack in November 2023, most of the city’s systems were briefly taken offline and replaced with a stripped back version of the government website, longbeach.gov.
In response, the City Council approved an emergency proclamation aimed at helping the city manager’s office respond to the incident more quickly. Long Beach’s Technology and Innovation Department launched an investigation into the attack with a consultant firm and the FBI.
A couple of weeks later, Long Beach announced that some city data had been accessed during the incident, though officials added that the exact nature of the information accessed was unknown and still under investigation at the time.
Long Beach later launched a webpage to provide information about the incident and the investigation, which was updated in October to let residents know that the process to identify impacted individuals was detailed and time-intensive, but that the investigation was expected to finish up in the next few months.
“Since initial remediation of the network security incident,” Long Beach said in a Monday, April 14, news release, “the city has been working very closely with leading, external cybersecurity professionals experienced in handling these types of incidents to complete the ongoing investigation.”
The investigation — which concluded on March 18 — found that some city files containing personal information may have been accessed during the cyber incident.
“The potentially impacted files could pertain to residents, employees, customers and stakeholders,” city spokesperson Jennifer De Prez said in a Wednesday, April 23 statement. “To date, 305,347 letters are being issued.”
Files that may have been impacted, according to the city, include first and last names, with at least one or more other pieces of information, such as:
* Date of birth.
* Financial account information, including credit and/or debit card details.
* Social security number.
* Biometric information; medical diagnosis and/or treatment information; medical provider information; and health insurance information.
* Driver’s license number; passport number; medical record number; taxpayer identification number; and patient account information.
“The types of personal information involved varied by individual,” the city said, “and not every data element was impacted for each individual.”
Long Beach officials said they are taking steps to notify impacted people about the potential effects of the cyber incident.
Impacted people will be notified at their last known home address via U.S. mail, the city said, and will receive guidance on how to safeguard against identity fraud.
Long Beach will also provide credit-monitoring services for people whose social security numbers were potentially accessed, the city said.
The city has also set up a call-center line, which will focus on providing information and resources to impacted people.
“This response line,” the city said, “is staffed with professionals familiar with this incident and knowledgeable on what people can do to protect against misuse of personal information.”
The line, 888-802-9667, will operate from 6 a.m. to 6 p.m. Monday to Friday.
City Manager Tom Modica, in the news release, said there is currently no indication of any fraudulent activity as a result of the cyberattack — but underscored Long Beach’s ongoing concerns about protecting residents’ personal data.
“Safeguarding city assets, including people’s personal information, has been and will continue to be a top priority for our organization,” Modica said. “We will continue to work closely with cybersecurity experts to enhance our security measures and minimize the likelihood of this type of incident from occurring again.”
Long Beach also allocated $1 million in its fiscal year 2025 budget to enhance its cybersecurity and information technology infrastructure, the news release said.
© 2025 Press-Telegram, Long Beach, Calif. Distributed by Tribune Content Agency, LLC.
