This story is available for republication. Please see our policy here.

More than a year since a cyberattack disrupted a broad swath of city services and prompted concerns about stolen personal data, Long Beach this week gave some limited details about the scope of the breach.

On Monday, a city spokesperson said the personal data of 305,347 people may have been compromised. The city said that data could include Social Security numbers, “biometric information,” driver’s licenses and passport numbers, health insurance information, taxpayer identification numbers, and medical details such as diagnoses and treatment information.

“The types of personal information involved varied by individual and not every data element was impacted for each individual,” the city said in a statement.

Starting Monday, Long Beach began mailing out legally required notifications to people whose information may have been exposed. Officials said the letters are being sent to the last known home addresses of “residents, employees, customers and stakeholders” living in Long Beach, as well as other cities and states. Each letter includes what data may have been accessed and a list of credit monitoring services people can use.

Long Beach officials said an “extensive forensic investigation” into the November 2023 breach concluded on March 18 this year.

Officials would not provide a copy of the investigation due to its “confidential and sensitive nature,” and they have still declined to answer many questions about the cause or scope of the breach, including exactly which city databases may have been compromised.

“We cannot disclose specific technical details surrounding the City’s systems due to security considerations, as sharing such information could expose vulnerabilities that may attempt to be exploited further,” city spokesperson Jennifer De Prez said. “The City has and will continue to invest in cybersecurity measures.”

The city deals with a range of sensitive information through everything from business licenses, utility billing and building permits to medical information at its Health Department and through everyday functions like its public WiFi, security cameras and parking pay stations.

It remains unclear who tried to gain unauthorized access to city systems. The city said it reported the breach to the FBI, but city officials remain “unaware of the individual(s) responsible for this incident.”

They said, however, there is “no indication” that any information was used to commit fraud.

“Our forensic investigation revealed no indicators that the data accessed during the breach has been sold or used maliciously,” De Prez said. “Additionally, there are no known reports of direct fraud or identity theft arising from the incident at this time.”

If you think your data may have been affected, visit the city’s website or call their toll-free hotline at 888-802-9667 between 6 a.m. and 6 p.m. on weekdays.

“Data security is of the utmost importance, and we are committed to protecting the data that our community entrusts to us,” Mayor Rex Richardson said in a statement. “This has proven to be an unprecedented event for our organization, and we continue to take this investigation and its findings seriously. We will continue to be as transparent as we can, and we appreciate the patience and understanding from our community.”