Long Beach officials are contemplating how to deal with a major cybersecurity breach that led the city to shut down its main website and has also incapacitated some payment processing, the utility department call center and other public services.

On Friday, the City Council declared a local emergency in relation to the breach, but city leaders have released little information about how it happened or what it entails.

The resolution declaring the emergency references cyberattacks and ransomware attacks in other cities that it says are “similar” to Long Beach’s situation.

In an interview, City Manager Tom Modica declined to say if Long Beach had received any ransom demand.

“I really can’t get into any of those details of the investigation,” Modica said.

The Long Beach City Council holds a meeting at Long Beach City College in response to a cybersecurity breach in Long Beach, Friday, Nov. 17, 2023. Photo by Thomas R. Cordova.

The city announced late Wednesday that it had discovered a “network security incident” a day earlier and had contacted its cybersecurity consultant and the FBI to help investigate.

Public safety and emergency services have not been affected and the city is responding to 911 calls as usual.

The airport, trash and recycling collection, and phone lines to report gas and water leaks remain available, the city said in a Friday morning news release. Libraries, city flu and COVID-19 vaccine clinics and the animal shelter all are operating.

Because the utility call center is out of service and online bill payment is shut down, the release said, customers will not be charged late fees and utility shutoffs for non-payment are suspended for now.

It’s unclear if any payment or personal data may have been compromised.

“There’s a lot that we don’t know about that part,” Modica said. “As soon as we know more, we will be communicating if there’s any type of impact to employees or data.”

The emergency resolution the City Council approved Friday gives Modica some expanded powers, such as more purchasing authority, to respond to the situation.

The resolution says “cyberattacks against municipalities have seen a sharp increase in recent history resulting in ransomware attacks and data breaches that put safety of the public, employees, and property at risk,” and it mentions “similar incidents” in Atlanta, Baltimore, Dallas and Oakland.

All four of those cities have reportedly experienced ransomware attacks since 2018; the breaches in Dallas and Oakland happened earlier this year.

None of the cities saw a quick or painless resolution to their cyberattack.

Atlanta and Baltimore both refused to pay five-figure ransom demands (requested in bitcoin) and instead, each spent more than $17 million to recover from the attack and shore up digital security, according to news reports at the time.

Media reports indicated the incident in Dallas reportedly affected more than 26,000 people and the stolen data included addresses and Social Security numbers, and Oakland lost similar data for about 13,000 people as well as confidential police records; several legal claims were filed against the city of Oakland.

Asked about the comparison to Long Beach’s incident, Modica said, “We shouldn’t draw conclusions that what happened in those cities is what’s happening here, but it was to show the scope of why an emergency is necessary.”

The city does purchase insurance to cover cybersecurity breaches and ransomware attacks and doubled its coverage in June 2022 to $4 million.

A rise in cyberattacks on government agencies has been noted by both the FBI and Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security, CISA Region 9 Chief of Cybersecurity Joe Oregon said in an email.

The FBI’s Internet Crimes Complaint Center found ransomware attacks against government facilities nearly doubled over the last several years, and CISA found a “steep increase” in ransomware incidents targeting critical infrastructure such as emergency services and the U.S. defense industry, the email said.

(Earlier this month, the Port of Long Beach was the backdrop for CISA’s announcement of a campaign to protect infrastructure against cyberattacks.)

While some attacks on infrastructure are backed by other nation-states aiming to disrupt U.S. capabilities, Oregon said, criminal hackers who focus on government facilities often target “information systems which lack routine cyber hygiene” with the goal of financial gain.

Long Beach officials have directed residents to the city’s social media accounts for updates, or to call 562-570-4636 on weekdays between 8 a.m. and 5 p.m.

Jason Ruiz covers City Hall and politics for the Long Beach Post. Reach him at [email protected] or @JasonRuiz_LB on Twitter.