California Criminal Defense, Cryptocurrency, Immigration And Personal Injury Legal Blog

Federal Cybercrime Charges in San Diego

Posted by Bulldog Law | Mar 24, 2026

The Computer Fraud and Abuse Act, How ‘Unauthorized Access’ Is Prosecuted in the Southern District, and What Defense Counsel Must Do Immediately

You accessed a former employer's database after your credentials were revoked. Or you used a shared login to access a system you were not explicitly authorized to use. Or you ran a vulnerability test on a network without written authorization. Or federal agents executed a search warrant and seized every device in your home after tracing an IP address to your internet connection. Any of these scenarios can result in federal charges under 18 U.S.C. § 1030 in San Diego.

The Computer Fraud and Abuse Act is one of the most broadly written and aggressively enforced federal statutes on the books. Its central concept, “unauthorized access” or “exceeding authorized access,” has been interpreted so broadly by some courts that security researchers, former employees, and individuals who violated a website's terms of service have all found themselves facing federal felony prosecution. In San Diego, the FBI's Cyber Division and the Southern District U.S. Attorney's Office prosecute CFAA cases across a range of conduct, from sophisticated hacking operations to employment-related access disputes.

The Bulldog Law handles federal cybercrime defense in the Southern District and tracks CFAA developments on our defense blog. This article explains what § 1030 actually covers, where the authorization boundaries are legally contested, and how experienced defense counsel challenges these cases.

What 18 U.S.C. § 1030 Covers: The Computer Fraud and Abuse Act

The CFAA prohibits several categories of computer-related conduct, each carrying different penalties. The unifying concept is access to a “protected computer,” which includes any computer used in interstate or foreign commerce or communication, a definition broad enough to cover virtually every internet-connected device.

The Key Prohibited Conduct Categories

The most commonly charged CFAA provisions in Southern District prosecutions are:

  • § 1030(a)(2): Intentionally accessing a computer without authorization or exceeding authorized access, and obtaining information from a financial institution, the U.S. government, or any protected computer. Felony carrying up to 5 years per count (10 years for a second offense).
  • § 1030(a)(4): Knowingly accessing a protected computer without or in excess of authorization, with intent to defraud, obtaining anything of value. Felony carrying up to 5 years.
  • § 1030(a)(5): Knowingly causing the transmission of a program, code, or command that intentionally damages a protected computer without authorization. Felony carrying up to 10 years for intentional damage.
  • § 1030(a)(6): Knowingly trafficking in passwords or access credentials with intent to defraud. Misdemeanor or felony depending on circumstances.
  • § 1030(a)(7): Threatening to damage a computer or data in order to extort money or other value. Felony carrying up to 5 years. This is the ransomware provision.

THE AUTHORIZATION PROBLEM: The CFAA's central concept, “without authorization” or “exceeding authorized access,” is one of the most contested terms in all of federal criminal law. The Supreme Court's 2021 decision in Van Buren v. United States narrowed the “exceeds authorized access” theory, holding that it applies only to information a person is not permitted to access, not to the purpose for which they access otherwise-permitted information. This decision significantly limited CFAA prosecution theories that had been used against employees who accessed company data for improper purposes.

The Loss Threshold and Felony Exposure

CFAA penalties escalate dramatically based on the amount of “loss” caused. Loss under the CFAA includes not just the value of stolen data but also response costs, incident response fees, security audits, system restoration costs, and lost revenue during system downtime. These response costs frequently inflate loss calculations far beyond the actual value of the accessed information. When loss exceeds $5,000 during any one-year period, the § 1030(a)(2) and (a)(4) charges become felonies. We challenge loss calculations aggressively. Reducing loss below threshold amounts can convert felony charges to misdemeanors.

Why San Diego Is a Significant Federal Cybercrime Prosecution District

Defense Contractors and Classified Network Access

San Diego's massive defense contracting sector, including companies supporting Naval Base San Diego, SPAWAR Systems Center Pacific, and Marine Corps installations, creates a unique category of federal cybercrime prosecution. Employees who access classified networks, DoD systems, or contractor proprietary databases without proper authorization face CFAA charges alongside potential Espionage Act liability. The FBI's San Diego Field Office coordinates with NCIS (Naval Criminal Investigative Service) on these cases, which are treated with exceptional prosecutorial priority.

Sorrento Valley and Biotech IP Theft

San Diego's Sorrento Valley biotech and pharmaceutical corridor generates federal cybercrime investigations arising from intellectual property theft: employees who exfiltrate proprietary research, clinical trial data, or trade secrets to competitors or foreign entities before departing. These cases are charged under both the CFAA and the Defend Trade Secrets Act (18 U.S.C. § 1836), and are often referred to the FBI after a company's digital forensics investigation identifies unusual data access patterns before termination.

Cross-Border Cybercrime Operations

San Diego's proximity to the border creates cross-border cybercrime cases involving networks that operate from both sides of the US-Mexico border. HSI and the FBI's Cyber Division jointly investigate these operations, and the Southern District prosecutes them with the same resources it brings to drug trafficking and money laundering cases. When cross-border cyber operations involve financial fraud or identity theft, CFAA charges accompany wire fraud, identity theft, and money laundering counts.

Social Engineering and Account Takeover

San Diego's large military and government workforce makes it a recurring target for social engineering attacks, SIM swapping schemes, and account takeover operations that access protected email and financial accounts. When the target accounts belong to government employees, the “protected computer” threshold is easily met and federal prosecution under § 1030(a)(2) follows quickly after the FBI's Cyber Division traces the attack.

Where Federal Cybercrime Cases Are Prosecuted in San Diego

Federal cybercrime charges under 18 U.S.C. § 1030 are prosecuted in the United States District Court for the Southern District of California:

U.S. District Court Southern District of California
333 West Broadway, San Diego, CA 92101
U.S. Attorney's Office: 880 Front Street, San Diego, CA 92101

Cybercrime cases in the Southern District are handled by the National Security and Cybercrime section of the U.S. Attorney's Office in coordination with the FBI's Cyber Division, HSI Cyber Crimes Center, and for defense contractor cases, NCIS. These cases involve significant digital forensic evidence and require immediate engagement of independent technical experts to challenge the government's digital evidence methodology.

CFAA Defense Strategies in the Southern District of California

The Bulldog Law's federal criminal defense practice evaluates every CFAA case for technical, legal, and factual defense opportunities from the moment of retention:

Challenging Authorization: The Van Buren Defense

Following Van Buren v. United States (2021), the “exceeds authorized access” theory applies only to accessing information a person is not permitted to access, not to misusing access that was otherwise authorized. Employees who had valid credentials and accessed information they were permitted to access, but did so for an improper purpose, do not “exceed authorized access” under Van Buren. This decision eliminated a major category of CFAA prosecution theory and is the starting point of every employment-related access defense.

Challenging Digital Forensic Evidence

Federal cybercrime cases are built almost entirely on digital forensic evidence: log files, access records, network traffic captures, device images, and metadata. We retain independent digital forensics experts to review the government's forensic analysis, challenge attribution of specific online activity to our client, identify chain of custody failures in the handling of digital evidence, and present alternative technical explanations for the access patterns the prosecution characterizes as criminal.

IP Address Attribution Challenges

An IP address identifies an internet connection, not a person. In household networks, shared workspaces, VPNs, Tor exit nodes, and compromised routers, the person who used a particular IP address is not necessarily the account holder. We challenge IP-based attribution through independent network forensics, evidence of third-party access, and technical testimony on the limitations of IP address identification as proof of individual identity.

Challenging the Loss Calculation

Loss under the CFAA includes incident response costs that companies routinely inflate far beyond any realistic connection to the alleged access. We challenge loss calculations by analyzing every cost component for its genuine connection to the alleged offense, presenting evidence of pre-existing security deficiencies that required remediation independent of any alleged breach, and contesting the government's characterization of routine security spending as CFAA-related loss. Reducing loss below $5,000 converts felony charges to misdemeanors.

Lack of Criminal Intent

Many CFAA cases in San Diego arise from security research, penetration testing, or exploratory access that was not authorized in writing but was not malicious in intent. While the absence of written authorization creates legal exposure, the absence of criminal intent is highly relevant to charging decisions, plea negotiations, and sentencing. We present evidence of the defendant's good faith belief in the legitimacy of their access and the absence of any intent to cause damage or obtain unauthorized benefit.

FBI at Your Door for a Cybercrime Investigation in San Diego? Do This Now

  1. Do not speak to FBI Cyber Division agents, HSI Cyber Crimes investigators, or NCIS agents without retaining federal defense counsel first. Unlike many other federal investigations, cybercrime cases often involve subjects who are technically sophisticated and believe they can explain away the allegations. Every explanation you offer becomes evidence. Invoke your right to remain silent immediately.
  2. Do not attempt to delete logs, clear caches, wipe devices, or otherwise destroy digital evidence after learning of an investigation. Evidence destruction in a federal cybercrime case is obstruction of justice, and federal forensic investigators are specifically trained to detect evidence of deletion and tampering. Digital evidence destruction will dramatically worsen your position.
  3. If a search warrant is executed, do not provide passwords, encryption keys, or biometric authentication to unlock devices beyond what the warrant specifically compels. The Fifth Amendment's applicability to compelled decryption is an actively litigated area of law. Contact The Bulldog Law before complying with any compelled decryption demand.
  4. Preserve all documentation of your authorization to access the systems at issue: employment agreements, network access policies, written authorizations, security clearance documentation, and any communications from supervisors or system administrators authorizing your access. This documentation is the foundation of the authorization defense.
  5. If you are a security researcher or penetration tester, gather all scope-of-work agreements, rules of engagement documents, and written authorizations for testing activity. The absence of written authorization is the government's primary evidence in many security research cases.
  6. Call The Bulldog Law at (888) 928-1609. Federal cybercrime cases involve evidence that degrades quickly and legal issues that must be evaluated before any government interview. Early engagement of defense counsel is critical.

Contact The Bulldog Law From Your San Diego County Community

The Bulldog Law defends clients facing federal cybercrime charges throughout San Diego County and the Southern District. Reach us from your community:

Sorrento Valley / Mira Mesa: San Diego's biotech and tech corridor clients facing IP theft and CFAA charges can reach The Bulldog Law through our San Diego law office serving the entire city.

Encinitas: North Coastal clients in Encinitas, Carlsbad, and Solana Beach can reach us through our Encinitas office page.

Poway: North inland clients in Poway, Rancho Bernardo, and Scripps Ranch, including defense contractor employees and tech professionals, can contact us through our Poway office page.

We also serve clients in Chula Vista, El Cajon, National City, La Mesa, Vista, Escondido, Coronado, Lemon Grove, and all surrounding San Diego County communities.

View our complete San Diego County service area or contact our San Diego office directly:

San Diego Office
501 West Broadway, Suite 800 San Diego, CA 92101
Phone: (888) 928-1609

Frequently Asked Questions

What did Van Buren v. United States change about CFAA prosecutions?

In Van Buren v. United States (2021), the Supreme Court held that a person “exceeds authorized access” under the CFAA only when they access information they are not entitled to obtain, not when they access information they are permitted to access but do so for an improper purpose. This significantly narrowed the CFAA's reach in employment cases. Before Van Buren, employees who used valid credentials to access company data for personal benefit or to assist a competitor could be charged with exceeding authorized access. After Van Buren, that theory no longer works. The government must prove the defendant accessed information they had no authorization to access at all.

Can accessing a former employer's system after termination be a federal crime?

Yes. Once employment ends and credentials are revoked, any access to the former employer's systems is “without authorization” under the CFAA regardless of what information is accessed. The termination of employment terminates authorization. This is one of the most common CFAA prosecution patterns in San Diego's tech and biotech sector: a departing employee accesses systems after their last day, either to retrieve personal files or exfiltrate proprietary data. We challenge these cases through evidence of implied authorization, ambiguous credential revocation, and the nature and purpose of the access.

What is the “loss” threshold for a federal CFAA felony?

Under the CFAA, conduct that causes loss of $5,000 or more during any one-year period triggers felony prosecution under § 1030(a)(2) and (a)(4). Loss includes not just the value of stolen data but also costs incurred in responding to the offense: incident response fees, security audits, system restoration, and business interruption costs. Companies and government agencies routinely submit loss figures that include extensive pre-existing security remediation work as CFAA-related loss. We challenge every component of the loss calculation and present evidence that much of what the government characterizes as loss was incurred independently of any alleged unauthorized access.

Does security research or penetration testing create CFAA liability in San Diego?

It can, and this is one of the most concerning aspects of the CFAA. Security researchers who test systems without explicit written authorization risk federal prosecution even when their intent was to identify and report vulnerabilities. The CFAA has been used against researchers who disclosed vulnerabilities without written authorization, who tested systems beyond the scope of a written engagement, or who accessed publicly accessible data in automated ways. We advise security professionals on CFAA risk and, when researchers face prosecution, build defenses centered on the absence of criminal intent and the public benefit of the research.

Can a minor cybercrime charge in San Diego lead to federal prosecution?

Yes. Because the CFAA's “protected computer” standard covers virtually every internet-connected device, even minor unauthorized access to a website, cloud service, or network can satisfy the statute's threshold. The charging decision depends on the loss amount, the nature of the accessed information, and the government's assessment of the defendant's intent and sophistication. Cases involving government systems, financial institutions, or defense contractor networks are almost always federally prosecuted regardless of the technical scale of the access. Cases involving private networks with minimal loss are more likely to result in civil remedies than federal prosecution.

What is the Defend Trade Secrets Act and how does it interact with CFAA charges?

The Defend Trade Secrets Act (DTSA, 18 U.S.C. § 1836) is a federal civil and criminal statute that protects trade secrets from misappropriation. In San Diego, DTSA charges are frequently filed alongside CFAA charges in cases involving employees who download proprietary data before leaving for a competitor, particularly in the biotech, pharmaceutical, and defense contractor sectors. DTSA criminal charges carry up to 10 years in federal prison.

We defend both the CFAA and DTSA counts as a unified defense strategy, challenging the trade secret designation of the alleged stolen information and the authorization to access and retain it.

About the Author

Bulldog Law

Bulldog Law is a dedicated criminal defense, personal injury, and cryptocurrency dispute resolution firm with licensed attorneys and experienced support staff across California. Our team of trial attorneys, paralegals, and legal professionals brings decades of combined experience handling complex state and federal matters, including serious felonies, DUI, domestic violence, special education law, employment disputes, and high-stakes crypto fraud recoveries. We pride ourselves on thorough case preparation, aggressive advocacy, and personalized client service. Every blog post is researched and reviewed by members of our legal team to provide practical, up-to-date information for individuals and businesses facing legal challenges. If you need trusted legal representation or have questions about your case, contact Bulldog Law today at (888) 928-1609 for a confidential consultation. Offices throughout California including Glendale, Sacramento, San Francisco, San Diego, and more.

We offer criminal defense, immigration, personal injury and cryptocurrency legal services in both English and Spanish. Call us at (888) 928-1609 for a free consultation.

