On the morning of Thursday, March 19, 2026, the residents of Foster City, California woke up to unsettling news: a ransomware attack had paralyzed nearly every city service overnight. What started as an IT alert in the early hours quickly escalated into a full-blown civic emergency — and a cautionary tale for cities everywhere.

What Happened

Foster City’s IT staff discovered ransomware on the city’s computer networks in the early hours of March 19. Ransomware is a type of malicious software (malware) that locks or encrypts a victim’s files and demands a ransom payment — usually in cryptocurrency — to restore access.

Once the threat was identified, city officials made the decision to pause virtually all public-facing services to stop the attack from spreading further. By Thursday afternoon, the City Manager’s Office was formally declaring a state of emergency — a legal designation that allows the city to request financial assistance from state and federal agencies to help pay for the response and recovery.

City Manager Stefan Chatwin confirmed that outside cybersecurity experts had been brought in alongside city staff to work on restoring systems and identifying the full scope of the breach.

As of Friday, March 20, no group had publicly claimed responsibility for the attack, and officials had not disclosed how the attackers got in.

Which Services Were Affected

The impact was sweeping. Almost everything a city normally does for its residents came to a sudden halt:

  • All non-emergency public services were paused — permits, payments, records requests, and more
  • Police Department business phone lines went down temporarily, forcing the department to advise residents to call 911 or visit the station in person
  • A Planning Commission meeting was canceled — a sign that even routine civic business couldn’t continue
  • City staff were unable to use normal IT systems, slowing response across departments

The only things confirmed to be working normally:

  • 911 emergency calls — operational and unaffected
  • Police dispatch — fully functional throughout the incident

City officials also warned that resident data may have been exposed. They said it was “possible that public information was accessed in the breach,” though the exact scope was still unknown. Anyone who has ever done business with Foster City — paid a bill, applied for a permit, registered a vehicle — was encouraged to change their passwords.

Why Cities Are Such Tempting Targets

You might wonder: why would hackers attack a small Bay Area city? The answer comes down to a painful reality — local governments are often the least defended targets with the most valuable data.

Here’s why attackers go after cities:

  • Outdated technology. Many municipalities run aging software and hardware they can’t afford to replace. Old systems have more known vulnerabilities.
  • Small IT teams. A city with 30,000 residents might have just a handful of IT staff — nowhere near enough to defend against a sophisticated attack.
  • Goldmine of personal data. City systems hold names, addresses, Social Security numbers, payment information, and business records for thousands of residents.
  • Pressure to pay up. When a hospital or city gets hit, the stakes feel life-or-death. Attackers bank on governments paying quickly to restore services.
  • Minimal cybersecurity budgets. Unlike banks or tech companies, most cities don’t have large security budgets. That makes them softer targets.

Foster City is not alone. In recent years, cities like Baltimore, Atlanta, and New Orleans have all suffered major ransomware attacks that cost millions of dollars and weeks of disruption.

What Residents Should Know Right Now

If you live in or have done business with Foster City, here’s what matters most:

  • Emergency services are working. Call 911 as you normally would — that system was not affected.
  • Your data may have been accessed. The city hasn’t confirmed a data breach yet, but hasn’t ruled it out either. Assume your information could be at risk.
  • Change your passwords. If you’ve ever paid a bill, applied for a permit, or created an account with Foster City, change those passwords now — especially if you reuse that password elsewhere.
  • Watch for phishing. After data breaches, criminals often use stolen info to send convincing fake emails. Be suspicious of any unexpected message asking you to click a link or verify your info.
  • Monitor your credit. Consider placing a free fraud alert with the major credit bureaus (Equifax, Experian, TransUnion) as a precaution.

How to Protect Yourself (Even If You’re Not in Foster City)

Attacks like this are a wake-up call for everyone. Here’s how everyday people can reduce their risk when a government or company they interact with gets hit:

  • Use unique passwords for every account. A password manager (like Bitwarden or 1Password) makes this easy. If one account gets compromised, the others stay safe.
  • Enable two-factor authentication (2FA). Even if someone steals your password, 2FA means they still can’t get in without a second code.
  • Sign up for data breach alerts. Sites like HaveIBeenPwned.com will notify you if your email turns up in a known breach.
  • Be skeptical of urgent emails. Phishing attacks spike after breaches. When in doubt, go directly to the official website rather than clicking any links.
  • Check your bank and credit card statements regularly. Catching fraud early limits the damage.

The Foster City attack is a reminder that cybersecurity isn’t just a tech problem — it’s a community problem. When a city’s systems go down, real people are affected: the resident who needed a permit, the small business waiting on a payment, the family trying to reach a non-emergency police line.

The good news? Recovery is possible, and awareness is your best defense. Stay informed, stay cautious, and keep your own accounts locked down tight.

Sources: Local News Matters, DysruptionHub, Mercury News, East Bay Times, SF Gate, Foster City official statement.