Three breach and incident items affect distinct organizations this period: LA Metro detected unauthorized access to internal administrative systems and restricted services (attack vector unconfirmed); Marquis disclosed a ransomware double-extortion event affecting 672,000 individuals with confirmed data exfiltration; and Foster City, California suffered a ransomware attack that shut down municipal IT and communication systems with emergency declaration under consideration. No CVEs are associated with any of these incidents; the shared pattern is ransomware or intrusion-driven operational disruption requiring containment actions that themselves degrade services. Organizations with vendor or data-sharing relationships with Marquis should assess exposed data flows and regulatory notification obligations immediately; public sector and critical infrastructure operators should use these incidents to validate ransomware containment playbooks, backup integrity, and privileged account controls.