Ransomware Attack Halts Foster City Services, LA Metro Reports Unauthorized Activity
What Happened – Foster City, California declared a state of emergency after a ransomware gang encrypted municipal systems, forcing the city to suspend all non‑emergency public services. The attack coincided with Los Angeles Metro uncovering “unauthorized activity,” prompting the transit agency to lock down internal administrative systems and limit customer‑facing functions.
Why It Matters for TPRM –
- Municipal IT environments are increasingly targeted, exposing third‑party data and service continuity risks.
- Ransomware can cascade to partner agencies (e.g., regional transit) that share data or rely on shared infrastructure.
- Unconfirmed data exposure heightens liability and compliance concerns for vendors that process government records.
Who Is Affected – Public sector (municipal government), public transportation providers, vendors that host or manage city data, and any third‑party service integrated with the affected systems.
Recommended Actions –
- Verify that your organization does not store or process Foster City or LA Metro data; if it does, confirm that the data is encrypted and that access controls are in place.
- Review ransomware response and incident‑response plans with any municipal or transit‑related vendors.
- Conduct a third‑party risk assessment focusing on backup integrity, network segmentation, and credential hygiene.
Technical Notes – Attack vector not disclosed; likely a phishing or exploit‑based entry point. No specific CVEs reported. Potential exposure of publicly available resident information; emergency services (911) remained operational.
Source: The Record