Executive Summary

On March 19, 2026, the city of Foster City, California, experienced a major cybersecurity incident that has forced the shutdown of all non-emergency public services. In response to the widespread disruption, the City Manager's Office is declaring a state of emergency to facilitate access to external financial aid for recovery efforts. While emergency services such as police and fire remain operational, the attack has halted other municipal functions. The city is currently investigating the breach with the help of third-party cybersecurity experts to determine the nature of the attack and the extent of any data compromise. Residents have been advised to change their passwords as a precautionary measure.

Threat Overview

The specific details of the cyberattack, such as whether it was ransomware, a denial-of-service attack, or another form of intrusion, have not been disclosed by Foster City officials. However, the complete shutdown of services and the warning about potential data access suggest a significant network compromise. Attacks on municipal governments often fall into one of these categories:

• Ransomware: Attackers encrypt critical systems and demand a ransom to restore access. This is a common tactic against local governments, which are often perceived as having limited security resources and a high incentive to pay to restore public services.
• Data Breach: Attackers gain unauthorized access to steal sensitive resident and employee data for fraud or sale on the dark web.
• Destructive Wiper Attack: A more malicious attack where the goal is simply to cause chaos and disrupt services by destroying data.

The declaration of a state of emergency indicates the severity of the incident and the city's inability to restore services quickly using its own resources.

Impact Assessment

The primary impact is the disruption of public services for the residents of Foster City. This can include the inability to pay bills, apply for permits, access public records, or use other city-run facilities and programs. The shutdown creates significant frustration for citizens and halts the administrative functions of the city government. Furthermore, the potential compromise of public information raises serious privacy concerns. If sensitive data like Social Security numbers, financial information, or home addresses were accessed, residents could be at risk of identity theft and fraud for years to come. The financial cost will also be substantial, covering incident response, system restoration, potential credit monitoring for residents, and likely increased cybersecurity investments.

Detection & Response

Foster City is currently in the response phase. Their actions are typical for a municipal government under attack:

1. Isolate and Contain: The shutdown of services is a drastic but effective containment measure to prevent further damage.
2. Engage Experts: Bringing in external cybersecurity experts is crucial for organizations that lack a large internal security team.
3. Public Communication: Issuing a statement to the public and advising password changes is a responsible first step in managing the public-facing aspect of the breach.
4. Declare Emergency: This is a procedural step that unlocks state and potentially federal resources and funding to aid in the recovery.

Mitigation

While the attack has already occurred, this incident provides important lessons for other municipalities:

1. Incident Response Plan: All government entities must have a tested and up-to-date incident response plan. This plan should outline steps for containment, communication, and recovery.
2. Backups: Maintain and regularly test offline, immutable backups of all critical systems and data. This is the most effective defense against ransomware, as it allows for restoration without paying a ransom.
3. Cyber Insurance: While not a preventative measure, having a robust cyber insurance policy can help defray the enormous costs of incident response and recovery.
4. Network Segmentation: Segmenting the city's network can help contain an attack to one department, preventing a single point of failure from taking down all city services.
5. Security Fundamentals: Implement security best practices like regular patching, multi-factor authentication, and security awareness training for all employees.