Report City Cybersecurity Incidents - San Antonio

Technology and Data Texas 3 Minutes Read · published February 05, 2026 Flag of Texas

Residents of San Antonio, Texas who discover or suspect a cybersecurity incident involving City systems should report it promptly to the City of San Antonio Information Technology Services (ITS) to protect data and restore services. This guide explains who enforces city policies, how to report incidents, what penalties or actions may follow, practical steps to preserve evidence, and where to find official forms and contacts. Use the official City technology policy pages for authoritative guidance and to submit incident information securely via the ITS contact channels City IT - Technology[1].

What to report

Report any unauthorized access, ransomware, extortion attempts, data exposure, suspicious emails affecting city accounts, or abnormal system behavior that involves City-owned or City-operated systems.

Report quickly to reduce risk to city services and personal data.

How to report a cybersecurity incident

  • Gather basic details: system or service affected, date/time, observed behavior, and contact information for the reporter.
  • Preserve evidence: do not reboot compromised devices, take screenshots, and note filenames or suspicious messages.
  • Contact ITS using official City channels; follow ITS instructions for secure submission and evidence handling.
  • If the incident is criminal (fraud, extortion, unauthorized access), the San Antonio Police Department may investigate in coordination with ITS.
If personal data of residents may be exposed, report immediately and follow ITS guidance for notifications.

Penalties & Enforcement

Enforcement for cybersecurity-related misconduct affecting City systems is administered by the City of San Antonio through its Information Technology Services department in coordination with City legal counsel and, where appropriate, the San Antonio Police Department. Specific fines, penalty amounts, and escalation procedures are not always published on a single public ordinance page; see the City's published technology policies and the municipal code for applicable rules and prosecutorial authority San Antonio Municipal Code[2].

Typical enforcement elements

  • Monetary fines: not specified on the cited page; if monetary penalties apply they are set by ordinance or statute and may be pursued via civil or administrative processes.
  • Escalation: first incidents may prompt remedial orders and account suspensions; repeat or continuing offenses can lead to stronger administrative action or criminal referral—specific escalation ranges are not specified on the cited page.
  • Non-monetary sanctions: access suspension, service restriction, remedial security orders, and referral to criminal investigators or courts.
  • Enforcers: Information Technology Services and the San Antonio Police Department for criminal matters; the City Attorney prosecutes civil or ordinance violations.
  • Appeals and review: appeal pathways and time limits are not specified on the cited pages; appeals typically follow administrative procedures or are handled through municipal or state courts depending on the enforcement instrument.
If you are potentially responsible for an incident, preserve logs and consult counsel before disposing of evidence.

Applications & Forms

No public, resident-facing "cyber incident" application form is published on the linked City technology policy or municipal code pages; residents should use the ITS reporting channels or the SAPD non-emergency contact for criminal complaints as directed by ITS.[1]

Action steps for residents

  • Document what you observed and preserve screenshots, logs, and timestamps.
  • Use the City ITS reporting page or official contact to submit the incident report and follow any secure upload instructions.
  • If you were financially harmed, file a police report with SAPD and keep copies of communications.

FAQ

How do I report a suspected cybersecurity incident affecting a City website or service?
Use the City of San Antonio Technology/ITS contact channels to submit incident details and preserve any evidence; ITS will triage and coordinate investigation with SAPD if criminal activity is suspected.[1]
Will I be notified if my personal data is involved?
Notification procedures depend on the nature of the incident and applicable laws; ITS or the responsible City office will follow legal requirements and notify affected individuals as required. If a specific notification policy is needed, it is not specified on the cited pages.

How-To

  1. Identify scope: note which City service, account, or system is affected, and the time of the event.
  2. Preserve evidence: save screenshots, do not power down affected machines, and note filenames or suspicious messages.
  3. Report to ITS using the official City Technology contact page and provide collected details.
  4. Follow ITS instructions for additional steps, secure data, and any temporary account holds.
  5. If instructed, file a police report with the San Antonio Police Department for criminal investigations.

Key Takeaways

  • Report suspected incidents quickly to ITS to limit impact.
  • Preserve evidence and follow ITS guidance for secure submission.

Help and Support / Resources

  1. [1] City of San Antonio - Technology: official ITS contact and policies.
  2. [2] San Antonio Municipal Code (Municode): city ordinances and administrative code.

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data