It’s been a week since Long Beach says it learned of a cyberattack that targeted the city, leaving many of its systems offline and residents asking questions.
In response, the Long Beach City Council called a special meeting Friday and voted to declare an emergency, which will allow the City Manager to have broader purchasing power without prior council authorization, presumably to contract with firms that could help the city as it investigates and tries to recover.
As officials work to figure out the extent of the breach, the city has said, it proactively took down a broad swath of systems and websites on its network, leaving many city web pages displaying an error message or redirecting to a temporary website.
The City Council is expected to be updated on the extent of the breach at its Dec. 5 meeting, but here’s what we know in the meantime:
Is my personal data compromised?
The city has not disclosed whether resident or employee information was accessed as part of the attack but said it’s working to figure out the extent of the breach.
“There’s a lot that we don’t know about that part and as soon as we know more we’ll be communicating if there is any type of impact to employees, data,” City Manager Tom Modica said Friday. “But this is a good time to be vigilant for everybody.”
Under California law, the city will have to disclose if anyone’s personal information was compromised or is “reasonably believed to have been” compromised, but there is no set timetable for when that would happen.
State law says that disclosure should be made in the “most expedient time possible” but it allows for some delay if a law enforcement agency determines that the disclosure could negatively affect a criminal investigation. Long Beach officials said last week that they had notified the FBI about the cyberattack; an FBI spokesperson referred questions about the incident back to the city.
What city services are still running?
Things like street sweeping, refuse and recycling pick up, and police and fire services are unaffected by the breach, according to the city. Other city services are partially available.
Libraries remain open and patrons can check out physical copies of books, but digital offerings are unavailable and so are computer services, according to the city.
The city’s COVID-19 testing site at Martin Luther King Jr. Park has switched to rapid tests only until the city’s booking system for antigen tests is back online.
The city’s Go Long Beach app is also still operational, although the city has advised there might be some delays in clearing cases reported through the app.
Anyone trying to register for classes through the Parks, Recreation and Marine Department can still use the LB Rec Connect website and pay with a credit card.
If you want to reserve a parks facility, however, you’ll have to do it in person at the department’s offices at 2760 N. Studebaker Rd., where you can also go to register for classes.
People hoping to have construction permits issued through the Community Development Department can still apply in person, but the online permit and license systems are currently down. Payments can be made with cash, check or credit card at City Hall, according to the city, depending on the size of the transaction. If you’re waiting for a previously scheduled inspection, those are expected to be honored, but anyone trying to schedule a new inspection will have to call the city at 562-570-5223.
How do I pay my bills?
Long Beach residents and businesses pay for their water, gas and refuse service through one consolidated bill, but because of the cyberattack, customers have been unable to do that since last week.
The Utilities Department online payment portal is not operational, and the department’s call center is down, which means payments can’t be made over the phone. Additionally, offsite locations where customers could pay their bills are affected by the breach.
The department is advising customers to stay tuned to its social media channels for an announcement when it can process payments again.
While customers are unable to pay, the city has said that it will not be charging late fees or shutting off utilities while the systems are offline.
If you’ve received a parking citation for street sweeping or some other violation, the city has a working website where you can pay those. That link can be found here. You can also pay in person at City Hall with cash, a check or a money order (no credit cards). If you want to pay by phone, you can call 562-570-6822.
What could this mean going forward?
Government agencies are frequent targets of cyberattacks and Long Beach referenced a few in the resolution it adopted Friday to declare the state of emergency. Some of those cities have opted to pay millions of dollars to outside firms to help recover their data and networks instead of paying a ransom.
City Manager Modica would neither confirm nor deny that a ransom has been demanded as part of this cyberattack.
In some cases, confidential police records, and employee and resident data have been compromised in attacks. But Modica said that at this point, “We shouldn’t draw conclusions that what happened in those cities is what’s happening here.”
The City Council is expected to be updated on the attack at its Dec. 5 meeting. People seeking additional information are being asked to call 562-570-4636 on weekdays between 8 a.m. and 5 p.m. or to follow the city’s social media accounts on Facebook, X and Instagram.
Editor’s note: This story was updated with information on reserving parks facilities and registering for parks department classes.