Last week, the California Department of Justice admitted that the personal information of hundreds of thousands of gun owners had been leaked online. Now, it appears the data breach was far wider than originally reported.
For about 24 hours, a data breach exposed the names, gender, race, birthdates, addresses, license plates, and criminal histories of Californians who had applied for permits to carry concealed weapons between 2011 and 2021. The news surfaced last week when the Fresno County Sheriff's Office said it had been made aware of the data breach.
However, originally, it had been reported that only the data of those who were granted permits was exposed. But it has now been revealed that the data breach affected all those that had applied, whether they were granted permits or denied.
The state's DOJ said that the breach happened during an update to the Firearms Dashboard Portal last Monday. The department confirmed that the Assault Weapon Registry, Firearm Certificate Safety and Gun Violence Restraining Order, Dealer Record of Sale, and Handguns Certified for Sale dashboards were also compromised.
The department said it was not sure how many people were affected by the breach or whether the data was downloaded. But the California State Sheriffs' Association said that there are indications that the “information was copied and at least some portion of it was posted on the internet” before the breach was detected.
“It is infuriating that people who have been complying with the law have been put at risk by this breach,” said the Butte county sheriff, Kory Honea, the president of the California State Sheriffs' Association. He added that there were concerns about the data breach's risk to permit holders.
California's attorney general Rob Bonta ordered an investigation into the data breach, saying he was deeply disturbed and angered” by the department's failure to protect the data from exposure.
“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” he said.
The California Rifle and Pistol Association said the exposure was “unconscionable” and it exposed permit holders such as law enforcement officials and vulnerable groups like “rape and domestic violence victims.”
The department plans to notify individuals affected by the breach, Bonta said.