Foster City, California sustained a cybersecurity breach on March 19–20, 2026 that disrupted permitting, licensing, and public-facing municipal services while emergency response remained operational; at least one third-party source characterizes the incident as ransomware, though Foster City has not confirmed that classification and no CVE, threat actor attribution, or confirmed attack vector has been publicly established. The incident is relevant to any organization sharing vendors, managed service providers, or network connectivity with Foster City systems, as well as to peers in the public sector as a signal of continued ransomware pressure against municipal infrastructure. Detection focus should target T1486 (ransomware encryption activity), T1490 (shadow copy and recovery inhibition), and T1078 (valid account abuse) in your own environment, and backup integrity and offline backup posture should be validated against a scenario where primary network backups are inaccessible.