Cyber Incident Victim: Foster City

On March 19, 2026, Foster City, California experienced a ransomware attack that compelled the municipality to suspend all public services except emergency responses. City officials announced the suspension shortly after the infection was detected, stating that normal operations were halted to prevent further spread. The ransomware encrypted critical systems, disrupting administrative functions and non‑essential public programs. Emergency services continued to operate while the city assessed the scope of the compromise.

In the immediate aftermath, city officials warned that the attackers may have obtained personal information of residents, though they did not confirm any specific data loss. The municipality initiated a response effort that included isolating affected networks, engaging external cybersecurity specialists, and beginning restoration of backups. Despite these actions, the city reported weeks later that it was still in the process of recovering from the incident. Throughout this period, no ransomware group or threat actor publicly claimed responsibility for the attack on Foster City.

The incident was recorded in the March 2026 entry of the Significant Cyber Incidents timeline, which tracks ransomware events affecting municipal entities. No further details about the ransomware variant, attack vector, or ransom demand were disclosed in the source material. The city’s experience contributed to the broader record of ransomware impacts on local government services during early 2026.