SACRAMENTO – The personal information of California residents who received or were denied a concealed and carry weapons permit between 2011 and 2021 was wrongly disclosed online this week, according to the California Attorney General’s Office.
The data breach, which could potentially involve hundreds of thousands of gun owners, occurred as part of an update to the state Department of Justice’s 2022 Firearms Dashboard Portal, the office said in a statement Wednesday. The information included names, birthdates, addresses, driver’s license numbers and criminal histories. Social Security numbers and financial information were not disclosed.
Five other state-operated databases were also affected. They included the Assault Weapon Registry, Firearm Safety Certificate and Domestic Violence Restraining Order dashboards.
“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” Attorney General Rob Bonta said in a statement.
The office said the DOJ was “investigating the extent to which any personally identifiable information could have been exposed from those dashboards and will report additional information as soon as confirmed.”
After making the updates on Monday afternoon, the DOJ learned that the personal information was accessible in a spreadsheet on the portal, according to the office. The DOJ took steps to remove the information from public view and shut down the dashboard Tuesday morning. The office said the dashboard and data were available for “less than 24 hours.”
The office did not immediately respond to a message seeking an estimate of the number of people affected by the breach. The Associated Press reported that the breach could potentially involve hundreds of thousands of gun owners who applied for CCW permits.
Roughly 40,000 CCW permits were issued last year, down from more than 100,000 during the peak year of 2016, according to information on the DOJ’s website.
The personal information may have been posted on social media websites, the Fresno County Sheriff’s Office said in a statement Tuesday afternoon. The sheriff’s office said it learned about the breach from the California State Sheriff’s Association.
The California Rifle and Pistol Association noted that the breach came days after the U.S. Supreme Court threw out New York’s requirement that those seeking to carry concealed weapons provide a reason. That also derailed California’s similar requirement, though state lawmakers and Bonta are working to impose new requirements.
Bonta said he immediately launched an investigation into how the breach occurred at the DOJ, adding that he plans to “take strong corrective measures where necessary.”
“The California Department of Justice is entrusted to protect Californians and their data,” he said. “We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”
The CSSA on Wednesday issued an alert to make CCW permit holders aware of the breach.
“It is infuriating that people who have been complying with the law have been put at risk by this breach,” CSSA President and Butte County Sheriff Kory Honea said in a statement. “California’s sheriffs are very concerned about this data breach and the risk it poses to California’s CCW permit holders.”
The breach included information on law enforcement officials including judges, as well as others who had sought CCW permits “like rape and domestic violence victims,” according to the CRPA.
The Attorney General’s Office said the DOJ will notify those individuals whose data was exposed as well as provide additional information and resources, as required by state law. Individuals can also take steps to protect themselves by monitoring their credit and placing free credit freeze and fraud alerts on their credit report.
Check back for updates. The Associated Press contributed to this report.