A data breach of concealed carry weapons (CCW) permit holders at the statewide level is turning out worse than originally reported.
The California Department of Justice revealed Wednesday that there was a data breach in connection with the update of its Firearms Dashboard Portal that took place on Monday.
Following the revelation, the Fresno County Sheriff’s Office said it was surprised by the scope of the data breach.
Some of the information that was exposed “came as a surprise to us at the Fresno County Sheriff’s Office,” the agency – which first alerted the public to the breach – said in a statement.
The data breach exposed the personal information of people who were granted or denied a CCW permit between 2011-2021.
The exposed information included names, date of birth, gender, race, driver’s license number, addresses and criminal history, the department of justice said.
Data from the following dashboards were also impacted: Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Certificate Safety and Gun Violence Restraining Order dashboards.
Social Security numbers and any financial information were not exposed as part of the breach.
“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” said Attorney General Rob Bonta in a statement.
“I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary. The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”
The data breach was the own doing of the department.
On Monday, the department posted its update to the Firearms Dashboard Portal where it made the previously mentioned exposed information accessible in a spreadsheet on the portal.
The department learned of the exposure and fixed the problem within 24 hours.
The department said it will notify the impacted individuals in the coming days.
“DOJ asks that anyone who accessed such information respect the privacy of the individuals involved and not share or disseminate any of the personal information,” the department said in a statement. “In addition, possession of or use of personal identifying information for an unlawful purpose may be a crime.”
The department will also provide credit monitoring services for people who had their data exposed “in an abundance of caution.”