Hundreds of thousands of people will soon be eligible to receive a small payout to compensate them for the city of Long Beach leaking their sensitive data.

The city has agreed to pay $2.35 million to settle a class action lawsuit over a cyberattack where hackers may have accessed Social Security numbers, biometric information, driver’s licenses and passport numbers, health insurance information, taxpayer identification numbers and medical details stored in the city’s digital network.

Payment from the settlement, funded by the city’s insurance carriers, comes out to $5 each for 470,000 Long Beach residents who could potentially sue the city over the data breach, Long Beach Deputy City Attorney Howard Russell said in an email.

Those eligible to receive that payment will be notified by mail or email and can opt into the settlement or opt out to pursue an individual lawsuit against the city, Russell said.

Long Beach officials refuse to say how the breach happened. Doing so could expose vulnerabilities that someone might try to further exploit, city spokesperson Laath Martin said.

City officials say they learned of the “network security incident” on Nov. 14, 2023. The next day, the city sent out an online notice that it was “working diligently to identify the source and scope of the incident.” On April 14, 2025, after a 15-month-long audit, the city mailed out notices to hundreds of thousands of people potentially affected by the breach.

Each letter included what data may have been accessed and a list of credit monitoring services people can use.

The class action lawsuit stems from several individual claims that were consolidated under one case.

One plaintiff alleged he “experienced a substantial increase in suspicious scam phone calls and emails” after the data breach. He also claimed that someone made a fraudulent purchase of $300 in alcohol at a 7-Eleven store.

Another plaintiff claimed that she found her Social Security number on the dark web after the breach.

Attorneys for the plaintiffs did not respond to requests for comment.

The choice to settle came from the city’s insurance carriers, who “made a business decision to settle given the significant cost” of taking the case to trial, said Russell with the city attorney’s office. It was “not an admission of liability,” he added.

In the wake of the breach, the city last year budgeted an extra  $1 million to bolster cybersecurity tools and training.