City of Long Beach Issues Updates Related to Network Security Incident
The Californer/10262593

Long Beach, CA – Following the network security incident targeting the City of Long Beach that occurred on Nov. 14, 2023, the City has been diligently managing three simultaneous streams of critical work: System Recovery, Security and Staff Support; Public Service Operations; and Investigation. Though all streams have been affected by or as a result of the network security incident, their path forward will look different from each other. The City understands the importance of transparency and is committed to providing regular updates on the progress made in each stream, to the extent possible. The City has great concern for the security of resident, customer and employee personal information and will communicate with any known affected parties as soon as possible.

"This has been an unprecedented event for our City organization that we are taking very seriously, however I am incredibly proud of our response efforts thus far," said Mayor Rex Richardson. "While most of our systems are now restored, the incident investigation remains ongoing. The recovery process may take time, but we remain steadfast in our dedication to restoring normalcy and ensuring the safety and security of our network, systems and our community. As a top 10 digital city, Number 1 for three years straight, our technology teams know how to provide excellent service as well as how to respond when systems come under attack."

Long Beach is not alone in experiencing network security incidents. Online reports have estimated that 80 local governments so far this year have been targeted by cyber attackers. Long Beach has continued to invest each year in cyber security, modernization of systems and investment in cloud-based systems, including additional security investments that were approved in the FY 24 budget. Long Beach has also invested in cyber security insurance policies that are helping cover the costs of outside expertise during this network security incident. For additional information on previous cyber security investments, please see the FAQ.

After learning that a network security incident targeting the City had occurred, the City acted quickly and took certain systems and internet services offline on Nov. 15, 2023, to secure the network during the initial stages of the investigation and mitigation efforts. Taking systems offline is a very tedious and extensive undertaking, as is the case with the mitigation efforts, and securely restoring systems and bringing them back online. A large contingent of City staff from the Department of Technology and Innovation (TID), have been working tirelessly since the incident occurred on the multitude of tasks, including those associated with properly bringing systems back online.

The following are activities that TID are actively engaged in to help support City staff and the community:
  • Remediating and Containing the Network Security Incident
    • After an initial investigation determined that a network security incident had occurred, TID engaged third-party cyber security professionals to assist with the remediation and investigation of this incident. Out of an abundance of caution, TID took systems offline to continue the investigation, assess potential vulnerabilities and implement additional security measures, beyond the existing measures already in place, to contain the threat. Since that time, TID, with the assistance of third-party cyber security professionals, have facilitated deployment of additional security technology to enhance threat detection and response in addition to monitoring the environment. To ensure only authorized people were accessing the City network, TID conducted a user account audit and forced a password reset of all the City's network users. The City implemented stricter password requirements and a more rigorous multifactor authentication process which had previously been put in place as part of efforts to strengthen network security.
  • Supporting Interim Operational Changes
    • During the time when systems, including the City website were offline, TID has been supporting City departments with interim operational solutions to facilitate continued service to the public. This included creating a temporary City website with important information related to the network security incident as well as other information to support the community, such as an extensive list of phone numbers for City services and Long Beach Airport flight information. TID also supported the acceptance of in person payments and other temporary workarounds put in place by departments to continue to serve the community. TID teams also worked tirelessly alongside the Department of Financial Management to ensure that payroll was processed for City employees with minimal interruption by setting up onsite computer labs for entering payroll and processing Accounts Payable checks to keep the City running as smoothly as possible during this incident.
  • Providing End User Support and Education
    • During this time, TID staff has provided in person and phone assistance to ensure that all City workers are able to access the network and continue to provide City services for the community. Extended hours for in-person employee services were conducted in various locations to support staff, and phone assistance for staff remains available 24/7 for emergency support. Furthermore, TID staff have been writing and sharing knowledge base articles to support staff on items such as Multifactor Authentication, accessing the network, password management, and other cybersecurity awareness resources.
  • Restoring Connections and Systems
    • While the City restored most of its internet connections, network and systems, including the main website, on Nov. 27, TID continues the process of restoring internet connections and systems securely in a planned and sequential method to ensure that systems function properly. City services continue to be brought online and there are several steps involved including restoring regularly occurring processes between systems and testing the systems to ensure full functionality.
    • As of Nov. 27, most website content, including general information, department webpages and the majority of online services, is now publicly accessible on the City's main website, and the few remaining online services will be available in the coming days.
  • Supporting the Investigation
    • TID is working closely with the third-party cyber security professionals to conduct an extensive forensic investigation of the incident.


More on The Californer
The City remains committed to continuing to serve the public while many of its systems and main website were offline and now as systems and online services continue to be restored. There have not been any major service disruptions at this point due to the contingency plans that were quickly put in place and the majority of City services have been restored.

While the City has been successful in getting most systems back online, TID continues the restoration process in a phased approach. Certain systems like Utilities bill payment processing and digital amenities offered by Long Beach Public Library continue to be worked on. Utility billing late fees and shutoffs for non-payment continue to be suspended during this time. The City will continue to provide regular updates on these services as appropriate. Once all City systems and services are back online, there will likely be some backlogs and catch-up processes required to return to normal operations.

Pertinent operational updates and public information was shared Citywide via the interim website and on social media. Departments have also been providing updates to the community, customers and partners by phone, email and via social media to keep them informed on interim changes.

Please be aware that, due to the nature of the cybersecurity incident and active investigation, the information relating to the investigation is confidential and the City cannot discuss or disclose specifics. The investigation is in the earliest stages and could take several weeks or months before it is concluded.

Here is what the City can confirm at this time:
  • The City, through the forensic investigation, can confirm that there was no evidence of encryption activity (also known as ransomware) in the network. The City took certain systems offline out of an abundance of caution to disrupt and expel any unauthorized parties from the City's systems. The City has implemented certain remediation measures and will continue to bring services back online in a safe and secure manner.
  • In addition, the City recently determined an unauthorized party did acquire some of the City's data during this incident. The City is working with third-party cybersecurity professionals to determine the nature and scope of data that was taken. One primary objective of the investigation is to determine whether individuals' personal information was accessed and/or acquired as a result of the incident. Should the City determine personal information was compromised, the City will notify any affected individuals via U.S. mail as soon as reasonably possible. Further, should the City discover that individuals' Social Security number was accessed and/or acquired, the City will provide credit monitoring services and other support to those individuals. This process of identifying specific individuals' sensitive information is incredibly detailed and will likely take many weeks to complete.

"We deeply understand and regret the angst caused by cyber security incidents on our residents, customers and employees and know how concerned our stakeholders are about the possibility of personal information being accessed," said City Manager Tom Modica.  "We as a City are fully committed to following established best practices for identifying affected individuals and providing support during this difficult time."

More on The Californer
The City is committed to keeping the public informed of any new developments and potential impacts to public services and to the community. Any pertinent updates will continue to be provided as appropriate on People may also call 562.570.INFO (4636) from 8 a.m. to 5 p.m. on weekdays, excluding City holidays, for up-to-date information. Members of the community are also encouraged to follow the City's social pages on Facebook, X and Instagram with #LBAlert for updates.

Filed Under: Government, City

Show All News | Report Violation


Latest on The Californer