Cyber Incident Victim: City of Long Beach
Date:
Nov 2023
Location:
United States of America
Summary
Long Beach declared a local emergency following a cybersecurity breach that disrupted online services, payment systems, and utility call centers, prompting system shutdowns and an ongoing investigation with federal assistance. Critical operations including 911 response, airport functions, waste collection, and public health services remained operational, while utility late fees and shutoffs were suspended pending resolution. The city activated emergency powers for expedited response measures and leveraged existing cybersecurity insurance coverage, though potential data compromise remained under assessment. Officials refrained from confirming ransomware involvement but acknowledged similarities to high-profile municipal attacks that incurred significant recovery costs elsewhere.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 7, 2023, Long Beach City officials detected a network security incident, prompting immediate containment measures that included disconnecting the city’s primary website and several internal systems. By November 8, the city engaged external cybersecurity consultants and notified the FBI to assist with forensic analysis. The incident disrupted multiple municipal services: online utility bill payments and the utility department’s call center became inoperable, though critical infrastructure such as 911 emergency response, airport operations, trash collection, and water/gas leak reporting lines remained functional. Libraries, vaccination clinics, and animal shelter services also continued without interruption. To mitigate public inconvenience, the city suspended late fees for utility bills and halted service disconnections for non-payment. City Manager Tom Modica publicly acknowledged the breach on November 10 but declined to confirm whether ransomware demands were involved or if personal data had been compromised, citing the ongoing investigation.
The Long Beach City Council declared a local emergency on November 10, 2023, granting Modica expanded procurement authority to expedite recovery efforts. The emergency resolution cited recent ransomware attacks against Atlanta, Baltimore, Dallas, and Oakland as context for the decision, though Modica cautioned against direct comparisons. Financial exposure was partially offset by a $4 million cybersecurity insurance policy the city had expanded in June 2022. Public updates were limited to social media channels and a dedicated phone line during business hours. While core emergency services sustained no operational impact, the prolonged outage of payment systems and call centers indicated significant backend infrastructure compromise. The city did not disclose technical details of the attack vector, attacker identity, or data exfiltration scope. FBI and CISA advisories referenced in the emergency declaration highlighted a broader trend of escalating ransomware incidents targeting municipal governments, particularly those with inadequate cyber hygiene practices. Recovery timelines and total costs remained undetermined as of the latest public reporting.