The County was hacked — and that fact was never disclosed to the public. The phishing incident that followed was an unsuccessful fraud attempt: no County money was lost, and no funds ever left the banking system. Not one dollar, certainly not a million dollars as my opponent and certain board members are now falsely stating.
This hacking incident was possible because of a breakdown in the County’s cybersecurity that left the Resource Management Agency (RMA) vulnerable. County Information Technology (IT) later confirmed to me that they were aware of this bad actor’s activity on the County network well before the attempted fraud, yet neither the Resource Management Agency nor the Auditor’s Office was informed. That’s right, the CAO and Board of Supervisors were aware there was malware in the county system, yet decided to not inform the Auditors Office!
The Auditor does not supervise IT, but I now Joe Paul has taken on the responsibility of insisting on full transparency about what steps are being taken to stop hacking and cyber‑fraud and to protect County operations going forward. The public deserves clear, accurate information — and a system that prevents this from happening again. This insistance on transparency has resulted in certain board members shifting the blame to the Auditor and his department, yes, the very department that discovered and stopped the phishing incident and saved the county monies is now being made the scapegoat.
Let’s talk about the county Phishing Incident
Many false statements have been made by certain Board members for their own personal political gain and by my opponent. Putting it in simple terms, those statements are lies. No money was lost from the county. None, not one dollar ever left the bank! And what is more troubling is that they know this, and continue to lie to the public about it. It’s disappointing to see a CPA circulate a mailer that misstates basic facts and combines unrelated numbers to inflate a headline. Ask yourself, do you want to elect an Auditor Controller who is willing to lie to you about something so basic as this?
The office of the Auditor Controller caught the Library fraud and reported it to Ray Espinoza, the County Administrative Officer (CAO), and Board of Supervisors made up of Kollin Kosmicki, Dom Zanger, Bea Gonzales, Mindy Sotelo and Angelo Curo.
Instead of holding the department head accountable for the mismanagement of the department, certain current Board members have instead focused their energies on shifting the blame to the office that discovered and reported the fraud!
The Auditor-Controller does not supervise deparment heads. That is the job of the CAO and Board of Supervisors. The auditor-controller is tasked with auditing accounts and internal controls, not supervising the officials, as defined in Government Code § 26883.
Let’s talk about the Library Fraud
The Auditor‑Controller’s Office identified a pattern of fraudulent invoices and personal purchases that had been approved without proper oversight by the department head. California Government Code § 25303 states that the Board of Supervisors shall supervise the official conduct of all county officers and department heads, except where the law assigns supervision elsewhere. This is the legal foundation for the CAO’s authority over department heads, because the Board delegates day‑to‑day administrative supervision to the CAO.
The Board of Supervisors Rewarded the Libarian
With full retirement benefits and a Certificate of Recognition
The then board of Supervisors decided against the Auditor’s advice and instead rewarded the county Libarian who had effectively “retired on the job” with full retirement benefits, including health. They also head a public ceremony in the county chambers where the retirment was announced and a county award of recognition was presented. This is a matter of public record.
The Board of Supervisors Supervise Dept Heads not the Acounty Auditor Controller
Government Code § 25303 is very expicit.
The LAW is very clear: Department heads do NOT report to the Auditor‑Controller (Government Code § 25303)
1. Department Heads Report to the CAO or the Board of Supervisors
Government Code § 29741 — Department Heads Certify Their Own Claims: Each department head is responsible for managing their own operations, staff, contracts, and spending.
They certify that invoices, contracts, and expenditures are accurate, legitimate, and received before anything reaches the Auditor‑Controller.
The Auditor‑Controller does not supervise their work, discipline them, or approve their operational decisions.
Any candidate who suggests the Auditor‑Controller supervises department heads is not qualified for the position and does not understand the legal framework that defines the office.
And when a Supervisor makes that claim, it distracts from their own statutory responsibility to oversee department heads and ensure those departments meet their obligations. Misleading the public does not change the facts.
Let’s talk about the Library Fraud
This is one of the most intentionally misrepresented fact during my election for Re-Auditor Controller by self serving individuals wishing to further their own political gains.
Who Supervises Dept Heads?
My record is built on transparency, accountability, and protecting public funds — not political theater.
It is plain and simple and written in both State and Government Code Any candidate who suggests the Auditor‑Controller supervises department heads is not qualified for the position and does not understand the legal framework that defines the office.
As Auditor‑Controller, my duty is to uphold the law and maintain independence from political influence. Re‑Elect Joe Paul Gonzalez, Auditor‑Controller, to keep your independent watchdog working for the people of San Benito County.