City of Long Beach Cyberattack in November 2023 Impacts 470,060 Individuals

May 4, 2025HIPAA News0

Present and former residents of City of Long Beach in California found out after more than one year that their personally identifiable (PII) and protected health information (PHI) were compromised during a cyberattack. Based on notification letters sent to several U.S. states, 470,060 individuals had their data exposed and likely stolen during the attack. The PHI of 258,191 individuals were compromised. There is no ransomware group associated with the cyberattack yet.

According to forensic investigation, the cyberattack was discovered on or about November 14, 2023. On March 18, 2024, the investigators confirmed thatbthe threat actor accessed or stole sensitive information. After 13months, the City of Long Beach mailed notification letters to the impacted persons starting on April 14, 2025.

City officials reported that the majority of the impacted systems had been recovered and available online within a week after discovering the attack. Although the unauthorized data access was confirmed in March 2024, the city explained in a notification on October 7, 2024 that third-party cybersecurity experts were still determining the nature and extent of the data breach. It was also mentioned in the notice that free credit monitoring and identity theft protection services will be provided to those who had their Social Security numbers exposed. The analysis of data to identify the specific individuals affected is very detailed and time-consuming. But the process is progressing and may be completed in the upcoming months.

The city officials explained in the latest notification that from the discovery of the attack until April 14, 2025, there were no report received concerning the misuse of any impacted data or identity theft or fraud linked to the compromised information. The city issued the notification letters in compliance with HIPAA law and for safety precaution. According to Long Beach Mayor Rex Richardson, the city office will continue to investigate this unprecedented event and will take its findings seriously. The personal notifications sent to individuals who had their Social Security numbers compromised include an offer of free credit monitoring and identity theft protection services for one year.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2025 ComplianceHome. All rights reserved.