Long Beach city officials announced Wednesday, Nov. 29, that some city data was accessed by unauthorized parties in a cyber incident earlier this month, but the exact nature and amount of information compromised is still being investigated. It is.
Wednesday’s announcement was the first in a Long Beach investigation into the nature and scope of the cyberattack to date. Long Beach first identified the security incident on November 14th, and shortly thereafter took most of its official website connections, networks, and systems offline to eliminate the cause of the breach.
The City Council approved an emergency declaration related to the incident on Nov. 17, giving the city administration additional powers to quickly respond to the incident.
Since the crisis began, the City of Long Beach’s Office of Technology and Innovation said Wednesday that it has been working to remove unauthorized parties from the city’s systems and implement additional cybersecurity measures beyond protocols already in place. The city announced.
This included an account audit of all users with access to the city’s network and a mandatory reset of all users’ passwords, according to the announcement. TID has also introduced stricter password requirements and an upgraded multi-factor account authentication process to further strengthen the security of its network.
A simplified version of the city’s website, longbeach.gov, was brought back online on November 16th. It included basic information such as links to government social media platforms, Long Beach Airport flight schedules, city phone numbers, and updates. Information about cybersecurity incidents.
In the meantime, TID will also help facilitate in-person payments and other workarounds to help the city continue operations, and set up an on-site computer lab for payroll and check processing, according to Wednesday’s announcement. This helped minimize disruption to the city’s payroll. This is to “keep the city running as smoothly as possible” during the incident.
The department has also established a 24/7 employee assistance hotline, providing in-person and telephone assistance, and providing assistance at various locations to ensure all city employees can access the network and continue working. We have extended face-to-face service hours with our staff. said the announcer. Employees will continue to have access to additional support from her TID.
Most of Long Beach’s systems, including the main longbeach.gov website, general information, and department websites, were closed on Monday, Nov. 27 after TID staff determined they were no longer accessible to unauthorized parties. Brought back online.
Restoration of some city services, such as utility bill payments and digital amenities offered at the Long Beach Public Library, is still in progress, according to the announcement. Utility billing and shutoffs remain suspended as the city of Long Beach works to bring the department’s systems back online.
Once all systems are fully back online, all previously scheduled customer service operations will continue but may be delayed, the release states, and systems return to normal operations. There may be some backlog or catch-up process.
“This is an unprecedented event for our city organization and we take it very seriously,” Mayor Rex Richardson said in the release. “But I’m very proud of our response so far.
He added: “While the recovery process may take some time, we remain dedicated to restoring normalcy and ensuring the safety and security of our networks, systems, and communities.” added.
Additional information about the data that was accessed is not available at this time as the city’s investigation into the scope and nature of the breach is ongoing, the statement said. It could be weeks or months before the investigation is complete and Long Beach officials know exactly what kind of data was accessed and who was affected.
The city hired a third-party cybersecurity firm to complete the investigation. The main purpose of the investigation is to determine whether people’s personal information was accessed during the cyber incident, the announcement said.
“If the City determines that personal information has been compromised, the City will notify affected individuals by U.S. mail as soon as reasonably practicable,” the press release stated, adding that the investigation revealed that people’s Social Security numbers If it is revealed that credit monitoring services have been accessed, the city of Long Beach said it will provide information and “other support” to those individuals.
“This process of identifying sensitive information about specific individuals is incredibly detailed and will likely take many weeks to complete,” the release states.
The city also announced that its investigation so far has found no evidence of ransomware. Ransomware is a type of malware that is designed to encrypt files on your device, essentially making them unusable.who uses ransomware Usually demands a ransom in exchange The U.S. Cybersecurity and Infrastructure Security Agency said it was designed to decrypt affected files.
The cause of the cyber incident is also currently under investigation.
Cybersecurity remains a top priority for Long Beach, according to the announcement.
“We deeply understand and regret the anxiety this cybersecurity incident has caused to our residents, customers, and employees,” City Manager Tom Modica said in a statement. I am aware that he may have done so.”
“As a city, we are committed to following established best practices for identifying affected individuals and providing assistance during this difficult time,” Modica added.
Over the past five years, the city has spent $32 million on cybersecurity upgrades. This includes hardening infrastructure and equipment to reduce the risk of cyber incidents, and upgrading systems to detect, monitor and prevent cyber threats.
Long Beach has also hired additional cybersecurity experts and improved digital safety training for all employees, according to the announcement.
The City Council also made an additional $1.7 million in cybersecurity investments in the fiscal year 2024 budget approved in September, along with a $795,000 federal grant to strengthen cybersecurity monitoring and detection. Assigned.
Regarding this incident, the city has laid out some proactive steps people can take if they are concerned that their information may have been compromised.
Those tips include:
- Regularly monitor your bank statements, credit reports, and other accounts for unusual activity
- Create a new strong password and enable multi-factor authentication if possible.
- Protect your Wi-Fi with a strong password.
- Freeze your credit report for added protection against unauthorized access.
- Be wary of phishing scams that ask for personal information via email, text, or phone calls.
The City will continue to provide updates regarding the investigation as they become available.check long beach government For more information.