What happened
Foster City, California said it discovered a ransomware attack on Thursday morning that forced it to pause all public services except emergency response and led the city manager to declare a local state of emergency. The city warned that hackers may have obtained public information and urged anyone who has done business with the city to change passwords and protect personal data. Emergency services such as 911 and police dispatch remained operational, though some police phone lines were temporarily down and a city council meeting had to move to in-person only because Zoom access was unavailable. The incident came as Los Angeles Metro said it had proactively restricted employee access to many internal administrative systems after discovering unauthorized activity, causing issues with station arrival displays and TAP card value-loading through its website and customer service lines.Â
Who is affected
Residents and anyone who has done business with Foster City are affected by the ransomware incident, while LA Metro employees and riders were affected by technical disruptions tied to restricted internal systems.Â
Why CISOs should care
The incidents show how attacks on municipal and transit systems can quickly disrupt public services, internal operations, and customer-facing functions even when emergency services or transit service itself remain available.Â
3 practical actions
- Prepare continuity plans for public services. Foster City paused non-emergency services and shifted public meetings because of the ransomware incident.Â
- Restrict access quickly after suspicious activity. LA Metro limited access to internal systems as a containment step after detecting unauthorized activity.Â
- Warn potentially affected users promptly. Foster City urged anyone who had done business with the city to change passwords and protect personal data.Â
For more coverage of major incidents and threat activity, explore our reporting on Cyberattacks.