How to Report City Cybersecurity Incidents - San Jose
San Jose, California city employees and residents should report cybersecurity incidents that affect City systems or public services as soon as possible. This guide explains where to report, what evidence to preserve, which City departments handle incidents, and basic legal steps. It covers reporting to the City of San José Information Technology team, when to involve the San José Police Department, and state notification duties where applicable. Follow the steps below to contain damage, preserve logs, and escalate correctly to avoid data loss or broader service disruption.
Overview
The City of San José maintains internal incident response and cybersecurity functions for municipal systems; criminal cyberattacks are investigated by the San José Police Department or partner law enforcement. If an incident affects City services, notify City IT first for containment and follow-up; if you suspect criminal activity or extortion, report to the police. For state data-breach notification obligations, consult the California Attorney General guidance listed below.
Where to report:
- City of San José - Information Technology[1] for internal City systems and employee reports.
- San José Police Department[2] for crimes, extortion, ransomware, or when you suspect an offender outside the City organization.
- California Attorney General - Data Breach Notifications[3] for state notice requirements relating to personal data loss.
Penalties & Enforcement
The San José municipal code pages do not list fines specifically for "cybersecurity incidents"; enforcement depends on whether the incident involves a violation of criminal law, contractual obligations, or administrative policy. For criminal acts (unauthorized access, extortion, fraud), the San José Police Department and county or state prosecutors enforce penalties under state law; administrative or employment consequences follow City personnel rules.
- Monetary fines: not specified on the cited City pages; criminal penalties follow California statutes and sentencing guidelines as pursued by prosecutors.
- Escalation: first incidents may result in an administrative investigation; repeat or continuing offences that are criminal are prosecuted. Penalty ranges are not specified on the cited City pages.
- Non-monetary sanctions: administrative orders, suspension of system access, employment discipline, civil litigation, and criminal charges may apply depending on findings; specific City sanctions are governed by personnel rules and are not itemized on the public incident pages.
- Enforcer and complaint pathway: the Information Technology Department leads City incident response for municipal systems; criminal investigations are led by the San José Police Department. Use the departmental contacts above to report incidents and request an investigation.[1][2]
- Appeals and review: appeal routes for administrative discipline or City decisions follow City personnel and administrative procedures; time limits are not specified on the public pages and depend on the specific policy or personnel rule applicable.
Applications & Forms
The City does not publish a public universal "incident form" for external users on the general IT pages; employees and contractors typically use internal reporting channels or the departmental contact forms listed on the City IT page. For criminal reports, use the San José Police Department online or non-emergency reporting process as provided on their site. If a specific public form or fee applies, it is not specified on the cited pages.
Action Steps
- Contain: disconnect affected systems from the network if instructed by IT and preserve power state and volatile logs where safe.
- Preserve evidence: collect timestamps, logs, images and note actions taken; do not alter data unless instructed by incident response.
- Report: contact City of San José Information Technology for municipal systems and the San José Police Department for suspected crimes.[1][2]
- Notify affected individuals if personal data was exposed, following California Attorney General guidance where applicable.[3]
- Follow recovery instructions from City IT and approved vendors; keep records of costs and actions for possible claims or audits.
FAQ
- Q: Who do I contact first for a suspected cybersecurity incident affecting City systems?
  A: Contact the City of San José Information Technology Department immediately; if you suspect criminal activity, also notify the San José Police Department.
- Q: Do I need to preserve logs and evidence?
  A: Yes. Preserve system logs, screenshots, timestamps, and device images if possible and avoid altering evidence until IT or investigators advise.
- Q: Are there fines or deadlines listed by the City code for cybersecurity incidents?
  A: The City pages consulted do not specify municipal fines or administrative fee schedules for cybersecurity incidents; criminal penalties are governed by California law and administrative sanctions by City personnel rules.
How-To
- Contain the incident: isolate affected systems and follow any immediate instructions from City IT.
- Preserve evidence: save logs, record times, and do not restart or wipe devices unless instructed.
- Report to City IT and, if criminal, to the San José Police Department; provide copies of preserved evidence.[1][2]
- Follow legal and notification guidance for personal data breaches, including the California Attorney General recommendations as applicable.[3]
- Cooperate with incident responders and document all remedial steps for after-action review.
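An added example, not part of the City's guidance or tooling: one way to carry out the preserve-evidence step from Action Steps and How-To above is to copy logs into a separate evidence folder and record a SHA-256 hash, size and UTC timestamps for each file, reading the originals without changing them. The function names, folder layout, collector name and sample log line are assumptions constructed for illustration.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    """Hash in chunks so large logs or disk images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def utc(ts=None):
    """ISO 8601 UTC timestamp for a file time, or for now when ts is None."""
    dt = datetime.fromtimestamp(ts, timezone.utc) if ts is not None else datetime.now(timezone.utc)
    return dt.isoformat(timespec="seconds")

def preserve(sources, evidence_dir, collector, note):
    """Copy files into evidence_dir and write manifest.json; originals are only read."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for i, src in enumerate(map(Path, sources)):
        st = src.stat()
        before = sha256_file(src)
        dst = evidence_dir / f"{i:03d}_{src.name}"
        shutil.copy2(src, dst)   # copy2 keeps the original modification time on the copy
        dst.chmod(0o444)         # read-only copy guards against accidental edits
        if sha256_file(dst) != before:
            raise RuntimeError(f"copy of {src} does not match the original")
        entries.append({"original_path": str(src), "copy": dst.name, "sha256": before,
                        "size": st.st_size, "modified_utc": utc(st.st_mtime),
                        "collected_utc": utc()})
    # The note field records the actions taken, as the steps above ask.
    manifest = {"collector": collector, "note": note, "files": entries}
    (evidence_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp, "auth.log")  # constructed sample log, not real data
        log.write_text("2024-01-01T08:00:00Z sshd failed login user=admin src=192.0.2.10\n")
        m = preserve([log], Path(tmp, "evidence"), "J. Doe", "Workstation isolated per IT")
        print(json.dumps(m, indent=2))
```

Handing over the evidence folder together with manifest.json lets IT or investigators re-hash each copy and confirm it matches what was collected.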
Key Takeaways
- Report incidents quickly to City IT and to police for criminal matters.
- Preserve logs and evidence; do not modify affected systems without guidance.
- State breach-notification duties may apply; consult the California AG guidance.
Help and Support / Resources
- City of San José Information Technology
- San José Police Department
- California Attorney General - Data Breach Notifications
- FBI - How to Report Cyber Crime