Long Beach City Reports That Hack Affected Over 260,000 Residents

The City of Long Beach, California, is in the process of notifying approximately 260,000 individuals regarding a significant breach of their protected health information, which occurred during a cyberattack in November 2023. This incident not only compromised sensitive data but also caused extensive disruption to the city’s IT systems, which remained offline for several weeks. Following the attack, the city has increased its cybersecurity budget by $1 million.

Reports indicate that the total number of individuals affected may reach up to 470,060, based on breach notifications submitted to various state attorneys general. However, the City of Long Beach has not clarified if the 260,000 individuals reported to the U.S. Department of Health and Human Services represent a subset of this larger figure.

A city spokesperson confirmed to Information Security Media Group that the potentially compromised data pertains to residents, employees, customers, and other stakeholders. Notably, the city has confirmed it did not pay any ransom related to the attack.

On November 14, 2023, the city experienced a network security incident when an unauthorized third party gained access to its systems. In response, Long Beach officials temporarily disabled IT systems to contain the breach. During this disruption, various municipal services, including utility bill payments and digital library resources, were rendered unavailable, and the restoration of these services spanned several weeks.

The delay in notifying affected individuals—approximately 15 months—stemmed from an extensive forensic investigation that concluded on March 18. The city cited the complexity and time-intensive nature of addressing such sophisticated cyber incidents as a reason for the prolonged notification period.

The information potentially accessed by the attackers includes sensitive data such as names, dates of birth, financial account details, medical treatment information, and government ID numbers. For individuals whose Social Security numbers were at risk, the city is offering complimentary credit monitoring as a precautionary measure.

Long Beach Mayor Rex Richardson remarked on the unprecedented nature of this event for the organization, asserting a commitment to transparency throughout the ongoing investigation.

As a city that serves a population of around 466,000, Long Beach has approved a substantial annual budget of $3.6 billion for fiscal 2025, which now includes an additional $1 million dedicated to enhancing cybersecurity measures. This investment will fund expertise in cybersecurity, training, testing, and tools aimed at preventing data loss, as well as create two new positions within the cybersecurity team to bolster risk mitigation and regulatory compliance for frameworks like HIPAA and the Payment Card Industry Data Security Standard.