The city of Long Beach has begun notifying people whose personal information was stolen in a 2023 cybersecurity breach, officials said Monday.
The announcement follows the March 18 conclusion of the city’s forensic investigation and manual document review. Officials and the city’s team of cybersecurity professionals determined that files containing personal information may have been illegally accessed and/or acquired by an unauthorized individual or group.
While there is no evidence of the personal information has been misused in order to commit fraud or identity theft, the city is legally required to send the notifications. Officials added that the notices are also “out of an abundance of caution” so that people affected by the breach have the information and resources to protect their personal information.
“Data security is of the utmost importance, and we are committed to protecting the data that our community entrust to us,” Mayor Rex Richardson said in a statement. “This has proven to be an unprecedented event for our organization, and we continue to take this investigation and its findings seriously. We will continue to be as transparent as we can, and we appreciate the patience and understanding from our community.”
The potentially impacted files contained first and last names in combination with one or more other data field, including date of birth, financial account information, credit and debit card information, Social Security number, biometric information, medical diagnosis and treatment information, medical provider information, health insurance information, driver’s license number, passport number, medical record number, taxpayer identification number and patient account information, according to the city. The types of personal information varied on an individual basis, and all data elements were not impacted for each individual.
Notifications letters to impacted individuals started going out via U.S. mail on Monday, officials said. The letters detail available resources to help safeguard individuals against identity fraud.
“In general, people are encouraged to take precautionary measures to protect their information, including placing a fraud alert and/or security freeze on credit files, obtaining free credit reports, and remaining vigilant in reviewing financial account statements and credit reports for fraudulent or irregular activity on a regular basis,” city officials advised. “Additionally, the city is offering people whose Social Security numbers were potentially impacted with complimentary credit-monitoring services in accordance with applicable state laws.”
A dedicated call-center team — 888-802-9667 — provides information and resources to those impacted. The toll-free, confidential hotline is available Monday through Friday, 6 a.m. to 6 p.m. except holidays. Officials cautioned that call center staff members “will not ask for, nor should people provide, a Social Security number or other personal information.”
A multilingual webpage on the data breach offers more information, lists of frequently asked questions and is accessible for anyone who may have been impacted and did not receive a notification letter, officials said.
“When this investigation first began, we committed to being open with our community and keeping the public informed of any updates regarding unauthorized access to people’s personal information,” City Manager Tom Modica said in a statement. “While thankfully there’s no indication of any fraudulent activity as a result of this unauthorized access, we understand this news may resurface concern and angst for our residents, employees and stakeholders. Safeguarding city assets, including people’s personal information, has been and will continue to be a top priority for our organization. We will continue to work closely with cybersecurity experts to enhance our security measures and minimize the likelihood of this type of incident from occurring again.”
Officials noted Long Beach’s annual spending on cybersecurity increased by $1 million in fiscal year 2025 for experts, training, testing, data loss prevention tools and other measures.
