Civically Speaking is a weekly newsletter on the latest local government news from the lens of the Long Beach Post’s City Hall reporter, who sits through so many city meetings for us.
We’re feeling a little in the dark about Long Beach’s cyber breach.
I know it’s hard to pay attention to the news cycle during the holidays, but as we all prepare to eat leftovers of Thanksgiving turkey, stuffing and, dare I say, cranberry sauce, Long Beach is dealing with a pretty significant problem.
Last week the city announced that it had been the target of a “network security incident,” which is a bureaucratic way of saying the city got hacked. And that could be bad news for a lot of people, potentially.
How big is the problem? Well, reporters in our newsroom have certainly asked questions to try and get answers for residents who might be wondering how this affects them.
But city officials have been tight-lipped about even the most benign things, let alone if residents or city employees should be worried about their personal information having been stolen.
For instance, City Manager Tom Modica declined to tell me if the city had cyber security insurance but did drop a little breadcrumb when he said that it was “in the agenda.” Having become fairly adept at navigating the city’s municipal document search feature, I was able to confirm that the city did purchase insurance for this very type of incident in 2022. Thanks, Tom.
And despite the city leading nearly every one of its social media posts since last Wednesday with some variation of being “committed to keeping the public informed” the city really hasn’t said much. The latest update included a link for people to pay parking tickets, and that was a day after I asked the city about it because our newsroom had multiple people ask how they could pay them.
The problem could be two-pronged. The city is likely still trying to figure out the extent of the damage from the breach and what systems could have been compromised, but also trying not to tip off whoever breached the system to what it knows.
Long Beach officials have also declined to say if whoever breached the system is demanding a ransom, but other cities’ experiences tell us that they likely are, because why hack a municipal system if you’re not after monetary gain? Most people aren’t doing this for funsies.
While Modica told me that we shouldn’t read too much into the Long Beach listing cities like Dallas, Baltimore and Oakland as examples in the resolution the City Council voted on last Friday to declare an emergency over the breach, it’s kind of hard not too when the city isn’t sharing very much information.
Those cities faced breaches that had ransoms — many cities don’t pay these — and spent millions of dollars to rebuild or recover their systems and data. My colleague Alicia Robinson wrote about this issue, and experts told her that the process of getting the city fully back online could be both costly and drawn out.
Some of those cities are now subjects of class action lawsuits because employee and resident information was taken as part of their attacks.
Long Beach having cyber security insurance could be helpful in shielding the city from some of the costs associated with the breach, but its policy with Beazley only insures the city for up to $4 million. It’s unclear what bells and whistles the city opted into when it purchased its policy, but Beazely offers coverage for things like legal services, cyber extortion costs and credit monitoring for peoples’ data that may have been compromised.
State law will eventually require the city to inform anyone whose data was likely compromised because of the breach, but the law allows for some delay in that notification if a law enforcement agency thinks it might hinder the investigation. The city said it’s brought in the FBI to help get to the bottom of the breach.
Considering that personal data is typically targeted in these kinds of attacks — remember, this is for monetary gain — I’d get a head start on keeping an eye on your accounts and credit cards and possibly changing your passwords.
WHAT YOU SHOULD KNOW THIS WEEK:
The saga of the old Fire Station 9 near the Los Cerritos Neighborhood will continue this week when the city’s Cultural Heritage Commission could vote to designate it as a historic landmark. The city and community groups have feuded over the site for a few years now after the city closed it down in 2019 due to what it said were recurring mold issues, something that advocates for preserving the building have disputed. The city is in the process of trying to sell the property to possibly be redeveloped, with some people showing interest in putting housing and other projects at the site. The commission’s vote Tuesday could complicate that. Designating the exterior of the building as a historic landmark would significantly limit what anyone could do to the property and would likely prohibit it from being demolished. The City Council would have final say over the historic designation, but the first step in the process could happen this week.
PAY ATTENTION TO THIS NEXT WEEK:
Public meetings are going to be pretty sparse for the next few days but don’t worry, if something important happens I’ll be there. It’s unclear what the broadcasting capabilities are for the city. I was told the City Council’s special meeting at Long Beach City College last Friday was necessary because City Hall is without full internet. It presents a perfect situation to spend time with your loved ones and enjoy the start of the holiday season. I’m thankful for a number of things and all of you who read this weekly dispatch are on my list. Without you, Civically Speaking would be a shout into the void. Happy Thanksgiving to all of you.