Wednesday's announcement marked the first look into Long Beach's investigation into the nature and scope of the cyber attack thus far. Long Beach first identified the security incident on Nov. 14 and shortly after, took the majority of its official website's connections, networks and systems offline in order to eliminate the cause of the breach.
The City Council approved an emergency proclamation relating to the incident on Nov. 17, which granted the city manager's office additional powers to quickly respond to the incident.
Since the crisis was discovered, the city said Wednesday, Long Beach's Technology and Innovation Department has been working to remove the unauthorized party from the city's systems, and to implement additional cybersecurity measures beyond protocols that were already in place.
Those included an account audit of all users with access to the city's network, the announcement said, and a forced password reset of all users. The TID also implemented stricter password requirements and an upgraded multifactor account authentication process to further strengthen the security of its networks.
A stripped-down version of the city's website, longbeach.gov, was brought back online on Nov. 16. It housed basic information, such as links to the government's social media platforms, Long Beach Airport flight schedules, city phone numbers and the latest information about the cybersecurity incident.
The TID, during that time, also helped facilitate in-person payments and other workarounds to support continued city operations, the Wednesday announcement said, and helped minimize disruption to city payroll by setting up on-site computer labs for payroll accounting and to process checks to "keep the city running as smoothly as possible" during the incident.
That department also set up a 24/7 employee assistance hotline, provided in-person and phone assistance, and extended hours for in-person employee services at various locations to ensure all city staffers were able to access the network and continue their work, the announcement said. Additional assistance from TID remains available for employees.
A majority of Long Beach's systems, including the main longbeach.gov website, general information and department websites, were brought back online on Monday, Nov. 27, after TID staffers determined the unauthorized party no longer had access to them.
The restoration of some city services, including utility bill payment and digital amenities offered at Long Beach Public Library locations, is still ongoing, the announcement said. Utility billing fees and and shutoffs are still suspended as Long Beach works to bring that department's systems back online.
Once all systems are back online fully, the release said, all previously scheduled customer service operations will continue, but could be delayed — and there will likely be some backlogs and catch-up processes as the systems return to normal operations.
"This has been an unprecedented event for our city organization that we are taking very seriously," Mayor Rex Richardson said in the release. "However, I am incredibly proud of our response thus far.
"The recovery process may take time," he added, "but we remain steadfast in our dedication to restoring normalcy and ensuring the safety and security of our networks, systems and our community."
Additional information about the data that was accessed is currently unknown because the city's investigation into the scope and nature of the breach is ongoing, the announcement said. It could take anywhere from weeks to months until the investigation is complete, and Long Beach officials get a full understanding of exactly what kind of data was accessed and who was impacted.
The city has hired a third-party cybersecurity firm to complete the investigation. A primary goal of that investigation, the announcement said, is to determine whether people's personal information was accessed during the cyber incident.
"Should the city determine personal information was compromised, the city will notify any affected individuals via U.S. mail as soon as reasonably possible," the press release said, noting that if the investigation reveals that people's Social Security numbers were accessed, Long Beach will provide credit monitoring services and "other support" to those individuals.
"This process of identifying specific individuals' sensitive information is incredibly detailed," the release said, "and will likely take many weeks to complete."
The city also said that the investigation, thus far, has found no evidence of ransomware — which is a type of malware designed to encrypt files on a device and essentially make them unusable. Those who use ransomware typically demand a ransom in exchange for decryption of the impacted files, according to the U.S. Cybersecurity and Infrastructure Security Agency.
The cause of the cyber incident is also currently under investigation.
Cybersecurity, the announcement said, remains a top priority for Long Beach.
"We deeply understand and regret the angst caused by cybersecurity incidents on our residents, customers and employees," City Manager Tom Modica said in a statement, "and know how concerned our stakeholders are about the possibility of personal information being accessed.
"We as a city are fully committed to following established best practices for identifying affected individuals," Modica added, "and providing support during this difficult time."
Over the past five years, the city has spent $32 million on cybersecurity upgrades, including enhanced infrastructure and equipment to reduce the risk of cyber incidents and system upgrades to detect, monitor and prevent cyber threats.
Long Beach has also hired additional cybersecurity professionals and improved digital safety training for all employees, the announcement said.
The City Council also allocated an additional $1.7 million for cybersecurity investments in the fiscal year 2024 budget, which was approved in September — alongside a $795,000 federal grant to enhance cybersecurity monitoring and detection.
As for the current incident, the city has laid out some proactive measures folks can take if they're concerned their information may have been compromised.
Those tips include:
* Regularly monitoring bank statements, credit reports and other accounts for unusual activity
* Creating new, strong passwords and enabling multifactor authentication where possible.
* Securing Wi-Fi with a strong password.
* Placing a freeze on credit reports for additional protection against unauthorized access.
* Being wary of phishing attempts, which could come through email, messages or calls requesting personal information.
The city will continue providing updated information about the investigation when available. Check longbeach.gov for more information.
© 2023 Press-Telegram, Long Beach, Calif. Distributed by Tribune Content Agency, LLC.
