A massive leak of personal information from a California concealed weapons-carrying permit database is larger than initially reported, officials said Wednesday.
The revelation came a day after the Fresno County Sheriff’s Office said it was notified of a data breach affecting anyone with a California concealed carry permit.
On Wednesday, the California Department of Justice said the leak was broader, affecting not just current permit holders but anyone who was granted or denied a permit to carry a concealed weapon between 2011 and 2021.
The data was released as the Justice Department updated its Firearms Dashboard Portal on Monday, Atty said. General Rob Bonta’s office said in a statement.
The information included names, dates of birth, gender, race, driver’s license numbers, address and criminal record, the statement said. Social security numbers and financial information were not disclosed.
In addition to the information from the concealed carry permit applications, “also data from the Assault Weapons Register, Handguns Registered for Sale, Dealer’s Proof of Sale, Firearm Safety Certificate, and Gun Force Restriction Dashboards” are “affected,” Bontas said Office, but authorities are investigating whether personal data has been disclosed by these dashboards.
“This unauthorized disclosure of personal information is unacceptable and falls far short of what I expected from this department,” Bonta said. “I immediately opened an investigation with the California Department of Justice into how this occurred and will take strict corrective action as necessary.”
The Justice Department is charged with protecting Californians and their privacy, he said, adding that he was “deeply concerned and upset.”
The California State Sheriffs’ Assn. said it was “disturbed” to learn of the breach.
“It is upsetting that people who have followed the law have been put at risk by this violation,” said Butte County Sheriff Kory Honea, the association’s president. “California Sheriffs are very concerned about this data breach and the risk it poses to California CCW permit holders.”
All California law enforcement agencies that issue concealed carry permits are required to provide “certain information” about permit holders to the Justice Department, “which in turn must protect that information,” according to a statement from the Sheriffs’ Association.
“It appears that the information was copied and at least a portion of it was published on the Internet before the violation was discovered by the DOJ,” the statement said.
Justice Department officials said the data was disclosed for less than 24 hours.
The department had posted updates on the portal on Monday afternoon and was later “made aware of a disclosure of personal data that was accessible in a spreadsheet on the portal,” the agency said in a statement. Officials removed the information from the public and shut down the firearms dashboard Tuesday morning.
The California Rifle and Pistol Assn. called the incident “an invasion of privacy of staggering proportions”.
The association asked the Justice Department not to restore the dashboard until it is certain that no private information can be accessed.
Leaked data puts thousands of people at risk, including judges, prosecutors and law enforcement officials, said the firearms group, which described the breach as a “massive violation of California law.”
“CRPA and our attorneys are exploring all options, including litigation, to protect the privacy of California gun owners who are now at risk thanks to the DOJ,” the association said. “All Californians should be concerned about this kind of reckless maintenance of the data that the state holds on its citizens.”
The Rifle and Pistol Assn. called for an independent investigation into the leak and said the Justice Department must act immediately “to be fully transparent about what happened.” [and] take all necessary measures to limit the damage.”
The government dashboard was billed as a way to improve transparency and information sharing for firearms-related data.
According to a statement from Bonta’s office, it contained information from the past decade on dealer records of sales, gun violence injunctions, concealed carry weapons permits, firearm safety certificates, assault weapons safety certificates and a list of certified handguns.
“The DOJ is attempting to balance its obligations to provide gun violence and firearms data in support of research efforts while protecting the personally identifiable information in the data the department collects and stores,” Monday’s statement said.
Officials will provide those affected by the data breach “and additional information and resources” in the coming days, the Justice Department said Wednesday.
The agency will provide credit monitoring services to those whose details were exposed by the leak and will contact those individuals directly to provide instructions on how to sign up.
https://www.latimes.com/california/story/2022-06-29/california-concealed-carry-weapons-permit-data-exposed-in-leak 10 years of California concealed-carry permit data exposed in leak