CITIZENS NEWS

Long Beach cyberattack exposes sensitive data of 600,000 residents

By lauraharris // 2025-04-24

• A November 2023 cyberattack on Long Beach city systems compromised highly sensitive data of 600,000+ residents, including SSNs, biometrics (fingerprints, facial scans), financial/medical records and passport/driver’s license details. The breach wasn't disclosed until April 2025.
• Unlike passwords, biometric data cannot be reset, leaving victims permanently vulnerable. No confirmed misuse has been reported, but the 17-month delay in disclosure hindered early protection efforts (e.g., credit freezes).
• Long Beach disabled parts of its digital infrastructure, allocated $1M for cybersecurity upgrades and offered free credit monitoring. Officials warned against sharing personal info with call centers but admitted security shortcomings.
• Experts and activists criticized the delay in notification and systemic flaws in government data protection, arguing that centralized systems increase risks of irreversible identity theft.
• The breach reignited debates over national digital ID programs, with critics warning that centralized databases create high-value targets for hackers and enable surveillance. The incident serves as a cautionary tale against over-reliance on vulnerable digital identity systems.

A massive cyberattack on Long Beach city systems has exposed the highly sensitive personal data of over 600,000 residents. The attack, which occurred in November 2023 but was only disclosed this April after an extensive forensic investigation, included breaches of social security numbers, biometric identifiers (fingerprints, facial scans), passport and driver's license details, medical and financial records and payment card information. No confirmed misuse of stolen data has been reported, but unlike breaches involving passwords, biometric data, once compromised, cannot be reset, leaving victims permanently vulnerable. "Data security is of the utmost importance, and we are committed to protecting the data that our community entrust to us," said Long Beach Mayor Rex Richardson. "This has proven to be an unprecedented event for our organization, and we continue to take this investigation and its findings seriously. We will continue to be as transparent as we can, and we appreciate the patience and understanding from our community." (Related: Cyberattack breaches software platform used by 12 ministries in Norway.) Long Beach temporarily disabled portions of its digital infrastructure, though emergency services remained operational. Officials acknowledged shortcomings in their cybersecurity defenses, pledging improvements. Long Beach officials activated emergency protocols, allocating $1 million for cybersecurity upgrades and offering affected residents credit monitoring. The city has set up a dedicated call center (888-802-9667) for questions but warns callers not to share personal information over the phone. Experts recommend that impacted individuals monitor credit reports for suspicious activity, place fraud alerts or credit freezes with major bureaus and use the free credit monitoring offered by the city. "It is important to note that call center staff will not ask for, nor should people provide, a Social Security number or other personal information when calling the call center," city officials said. However, privacy advocates say the damage is already done. The 17-month delay in notifying the residents has denied the chance to take immediate protective measures, such as freezing credit or monitoring suspicious activity. Such delays exacerbate the risks of identity theft, particularly when unchangeable data like biometrics are involved.

Long Beach cyberattack reignites concerns for national digital ID programs

The cyberattack has reignited debates over government and corporate surveillance, as well as proposals for national digital ID programs. "This breach underscores the inherent risks of digital ID systems. By consolidating sensitive personal information in centralized databases, these systems create valuable targets that, once penetrated, can leave individuals permanently exposed. As governments continue to push digital ID frameworks, the Long Beach case serves as a cautionary tale about the consequences of relying on vulnerable, centralized systems for identity verification and public services," Ken Macon wrote for Reclaim the Net. Privacy advocates highlighted the systematic flaws in how governments safeguard digital identity systems, raising urgent concerns about the risks of centralized digital identity systems and government handling of sensitive information. Visit Glitch.news to read more stories about cyberattacks in the United States. Watch the video below to learn more about phishing emails. This video is from the SecPoint channel on Brighteon.com.

More related stories:

Caesars Entertainment pays ransom following cyberattack on casino.

Apple warns of cyberattack targeting 1.46 BILLION Apple devices.

Food giant Dole temporarily halts U.S. production following ransomware cyberattack.

Israel declares state of emergency following CYBERATTACK on government websites.

Chinese AI startup DeepSeek faces cyberattack amid U.S. tech stock turmoil.

Sources include: Reclaimthenet.org MSN.com Longbeachlocalnews.com Brighteon.com

glitch collapse hackers national security personal data cybersecurity cyberattack cyber war big government encryption biometric file sharing information technology computing networks data harvesting Long Beach