A massive leak of personal information from a California state database for permits to carry concealed weapons is larger than initially reported, officials said this week.
The revelation came a day after the Fresno County Sheriff’s Office announced Tuesday that it had been informed of a data breach affecting every person with a California concealed-carry permit. The California Department of Justice said Wednesday that the leak was more extensive, affecting not only current permit holders but anybody who was granted or denied a permit to carry a concealed weapon between 2011 and 2021.
The data was exposed when the Department of Justice updated its Firearms Dashboard Portal on Monday, state Attorney General Rob Bonta’s office said in a statement.
The information included names, dates of birth, gender, race, driver’s license numbers, addresses and criminal histories, according to the statement. Social Security numbers and financial information were not exposed.
In addition to information from the concealed-carry permit applications, data on the Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate and Gun Violence Restraining Order dashboards were “also impacted,” Bonta’s office said. Authorities are investigating whether any personally identifiable information was exposed from those dashboards.
“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” Bonta said. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary.”
The Justice Department is entrusted to protect Californians and their data, he said, adding that he was “deeply disturbed and angered.”
The California State Sheriffs’ Association said it was “alarmed” to learn of the breach.
“It is infuriating that people who have been complying with the law have been put at risk by this breach,” said Butte County Sheriff Kory Honea, the association’s president. “California’s sheriffs are very concerned about this data breach and the risk it poses to California’s CCW permit holders.”
All California law enforcement agencies that issue concealed-carry weapons permits are required to provide “certain information” about permit holders to the Justice Department, “which in turn is required to safeguard that information,” according to a statement by the sheriffs’ association.
“It appears that before the breach was detected by DOJ, the information was copied and at least some portion of it was posted on the Internet,” the statement said.
Justice Department officials said the data was exposed for less than 24 hours.
The California Rifle and Pistol Association called the incident “a privacy breach of stunning proportions.”
The association demanded that the Justice Department not restore the dashboard until it’s certain that no private information can be accessed.
Leaked data puts thousands of people at risk, including judges, prosecutors and law enforcement officers, said the firearms group, which called the breach “a massive violation of California law.”
“CRPA and our attorneys are exploring all options, up to and including litigation, to protect the privacy of California gun owners who are now in danger thanks to the DOJ,” the association said. “All citizens of California should be concerned about this type of reckless care of the data the state holds on its citizens.”
The Rifle and Pistol Association demanded an independent investigation into the leak and said the Justice Department had to act promptly “to be completely transparent about what occurred [and] take all steps necessary to limit the damage.”
The state dashboard was billed as a way to improve transparency and information sharing for data related to firearms. It contained information from the last decade on dealer records of sales, gun violence restraining orders, concealed-carry permits, firearms safety certificates, assault weapons and a roster of certified handguns, according to a statement by Bonta’s office.
Officials will notify people affected by the data breach “and provide additional information and resources” in the coming days, the Justice Department said Wednesday.
The agency will provide credit monitoring services for those whose data was exposed by the leak and will directly contact those individuals to provide instructions on how to sign up.
©2022 Los Angeles Times. Distributed by Tribune Content Agency, LLC.