Cyber Incident Victim: Los Angeles County
Date:
Nov 2023
Location:
United States of America
Summary
A cybersecurity breach prompted Long Beach to declare a local emergency, leading to the shutdown of its main website and disruption of payment systems, utility call centers, and select public services. While emergency operations, trash collection, libraries, and vaccination clinics remained functional, online bill payments were suspended with late fees waived and utility shutoffs paused pending restoration. The city engaged cybersecurity consultants and the FBI for investigation but has not confirmed ransomware involvement or data compromise, citing parallels to high-impact municipal attacks elsewhere. Officials referenced prior incidents in other cities that incurred significant recovery costs, though emphasized uncertainties regarding this incident's scope. The municipality maintains $4 million in cyber insurance coverage while directing residents to social media and a dedicated phone line for updates.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 14, 2023, Long Beach officials disclosed a significant cybersecurity breach discovered on November 8, prompting an immediate shutdown of core city systems including the main website, online payment processing, and the utility department call center. The city engaged cybersecurity consultants and notified the FBI to investigate the incident, which remained under active assessment with limited public details regarding its origin or specific attacker methodologies. While officials refrained from confirming whether ransomware demands were received, the City Council declared a local emergency on November 10, citing parallels to historical ransomware incidents in Atlanta, Baltimore, Dallas, and Oakland. This emergency declaration granted expanded procurement authority to City Manager Tom Modica to expedite response measures. Critical public services—including 911 operations, airport functions, trash collection, water/gas leak reporting lines, libraries, vaccination clinics, and animal shelter operations—remained unaffected. Utility billing late fees and service shutoffs for nonpayment were suspended due to the prolonged outage of payment systems, though officials could not confirm whether customer or employee data was compromised.
The city’s emergency resolution highlighted a broader trend of escalating cyberattacks against municipalities, referencing FBI and CISA reports documenting near-doubling ransomware incidents targeting government facilities and critical infrastructure. Long Beach’s $4 million cybersecurity insurance coverage, doubled in June 2022, indicated institutional awareness of such risks. While officials cautioned against directly equating the breach to prior ransomware incidents in other cities, they acknowledged the potential for severe operational and financial impacts, noting recoveries in comparable cases cost upwards of $17 million. Residents were directed to city social media channels or a dedicated phone line for updates, with no projected timeline for full system restoration. The incident underscored vulnerabilities in municipal networks amid rising criminal hacker activity targeting under-secured systems for financial gain, per CISA assessments.