A ransomware attack has disrupted municipal operations in Foster City, California, as officials continue to respond. The Bay Area city, home to roughly 34,000 residents, was forced to suspend most public services after suspicious activity was detected early Thursday morning.
According to city officials, the Foster City cyberattack prompted immediate activation of “incident response protocols.” Authorities stated that, as a precaution, most government computer systems were taken offline to protect the network and prevent further compromise.
“As a precaution, we have taken most of our computer systems offline while we ensure the security of our network,” the city said in a news release. “We are engaging with independent cybersecurity specialists to assist with the investigation and remediation.”
Foster City Cyberattack Caused Disruptions Across the Bay Area City
The Foster City cyberattack has effectively paralyzed nearly all non-emergency services in the Bay Area city. While emergency services such as 911 and police dispatch remained operational, there were temporary outages. Both emergency and non-emergency phone lines for the Foster City Police Department were briefly down on Thursday, but were later restored.
City officials confirmed that all public-facing services, aside from emergency response, have been paused. Even civic processes have been affected; a scheduled city council meeting was shifted to an in-person-only format and was not made available via Zoom due to system outages tied to the Foster City cyberattack.
At City Hall, the disruption was visible. Offices were largely empty on Friday, with most employees working remotely, and many customer service operations shut down. The sudden halt underscores the extent of the impact caused by the Foster City ransomware attack.
Emergency Declaration and Data Concerns
In response to the incident, the city manager declared a state of emergency, a move that enables access to additional financial and technical resources from outside agencies. Officials have also warned that sensitive public data may have been compromised.
Residents and individuals who have conducted business with the city were urged to take immediate precautions. Authorities advised changing usernames and passwords and remaining vigilant against potential misuse of personal information.
“The public’s safety is our highest priority, so we encourage members of our community to take precautions that would best assure the security of their personal information,” said City Manager Stefan Chatwin. He added that city staff, along with external cybersecurity experts, are “working diligently to restore the integrity of the City’s system and ensure there are no further security issues impacting services to our community.”
A Growing Trend in Cyber Threats
The Foster City ransomware attack reflects a broader trend affecting municipalities across California and the United States. Over the past four years, ransomware groups have targeted government systems, particularly in smaller cities that may lack robust cybersecurity infrastructure.
Other Bay Area cities, including Oakland, San Francisco, and Hayward, have also experienced similar cyber incidents. In 2023, Oakland suffered a major breach attributed to the hacker group Play, which exposed sensitive employee data and led to a class-action lawsuit that was later settled.
Ongoing Response
As the investigation into the Foster City cyberattack continues, officials remain focused on restoring services and securing systems. Independent cybersecurity experts are working alongside city staff to assess the damage, identify vulnerabilities, and prevent further incidents.
For now, the Bay Area city remains in recovery mode, with limited services available and heightened concern over potential data exposure. The Cyber Express has also reached out to the city officials to learn more about this Foster City ransomware attack.
However, at the time of writing this, no official statement or response has been received. This is an ongoing story, and The Cyber Express will be closely monitoring the situation. We will update this post once we have more information on the cyberattack or any additional statement from the city officials.
