Foster City, California said it was forced to pause all public services outside of emergency responses in light of a ransomware attack discovered on Thursday morning.
The Bay Area city, home to about 34,000 people, forced the city manager to declare a state of emergency — which will unlock supplementary financial support from outside agencies.
“The public’s safety is our highest priority, so we encourage members of our community to take precautions that would best assure the security of their personal information,” said City Manager Stefan Chatwin.
The city warned that it is possible the hackers obtained public information, urging anyone that has done business with the city to change personal passwords and take measures to protect personal data.
The city said emergency services like 911 and police dispatch are “functional and unaffected” but the Foster City Police Department sent out a notice on Friday night saying both its non-emergency line and emergency direct line are “are back up and running” after they were reported to be down temporarily.
Foster City also said a city council meeting will be held in person only and will not be available over Zoom due to the attack.
Foster City is about 30 minutes south of San Francisco and is considered part of Silicon Valley, serving as the headquarters for several large science and technology companies.
Like many states, California has been battered by ransomware gangs over the last four years, with multiple attacks taking out government systems. Municipalities in the Bay Area specifically have been targeted, including Oakland, San Francisco and Hayward.
The attack on Foster City took place hours before a ransomware gang claimed it attacked the city of Los Angeles. City officials did not respond to requests for comment, but the Los Angeles Metro service reported technical issues on Friday morning.
A spokesperson said the Metro service, which manages the city’s bus and rail lines, “proactively limited employee access to many internal administrative computer systems this week after the agency’s security team discovered unauthorized activity.”
They added that customers “may notice station monitors are not displaying arrival times and may encounter issues adding value to TAP cards via Metro’s website or customer service lines.”
“Restricting systems following the discovery of unauthorized access is part of Metro’s standard safety protocols to contain and minimize risk,” the spokesperson said.
“Although an inconvenience to employees, these safety measures protect customers without disrupting service. At this stage of our investigation, Metro has not found that customer and employee data has been affected.”
Metro officials are in the process of restoring access after thorough security checks, according to the spokesperson. Customers who need to add value to their transit cards should do so at ticket vending machines.
The Metro website has a banner on it that says technical issues are delaying bus service alerts.
Recorded Future
Intelligence Cloud.
