According to a Wednesday inquiry, California’s Department of Justice put over 200,000 gun owners’ names, addresses, and birthdays online because employees didn’t follow laws or comprehend their website.
An independent law firm engaged by the California Department of Justice determined that personal information for 192,000 persons was downloaded 2,734 times by 507 distinct IP addresses during a 12-hour period in late June.
All Applied for Concealed Carry Permits
Just days after the U.S. Supreme Court legalised public gun carry, the data was leaked. The ruling overturned California legislation requiring concealed carry applicants to state a safety concern. Then, lawmakers failed to adopt concealed carry permit limits.
Investigators found “no indication that the timing of the (data breach) was driven by a criminal motive or was personally or politically motivated.” After the court judgement, state authorities intended to disseminate anonymized data “to fulfil the expected heightened public interest in firearms-related statistics.”
Attorney Chuck Michel, president of the California Rifle & Pistol Association, said California law penalises deliberate data breaches more severely. Michel said his organisation is contemplating a state class action lawsuit.
The hacked data certainly includes firearms permit applications from courts, law enforcement, and domestic violence victims.
“There are a lot of holes and unresolved issues, probably purposely so,” he remarked. “The investigation continues.”
Morrison Foerster investigated the data breach for the Department of Justice. The business claimed “the mission and liberty to undertake an impartial inquiry that followed the facts and evidence wherever they went.”
Private Twitter Message with Personal Pictures
The investigation found that the California Department of Justice didn’t know about the breach until someone sent Attorney General Rob Bonta a private Twitter message with pictures of the personal information that could be downloaded from the state’s website.
State authorities first suspected fraud. Two unidentified employees—”Data Analyst 1″ and “Research Center Director”—investigated and incorrectly assured everyone that no personal information was publicly accessible.
Due to heavy data downloads, the website collapsed. Unaware of the incident, state authorities restored the website. The website was restored around 9:30 p.m.
State authorities disabled the website at noon the next day. By then, many had downloaded the data.
State officials believed they were sharing anonymized aggregate data for research and media inquiries about California gun usage.
The website Creator Used Personal Databases
Investigators came to the conclusion that neither the person who put together the data nor the people in charge knew how to keep the data from being downloaded by the public.
“This was more than an exposure of data; it was a violation of trust that falls well short of my expectations and the expectations Californians have of our department,” Attorney General Bonta stated in a press release.
“I am deeply offended by this incident and apologise on behalf of the Department of Justice to all those who have been harmed.”
Firearms safety certifications, dealer records of sale, and the state’s assault weapons registry were also accidentally disclosed.
Data on almost 2 million people and 8.7 million gun purchases includes birth dates, gender, and driver’s licence numbers. According to investigators, such databases are insufficient for identifying anyone.
Investigators advised state authorities to teach and update rules and procedures. “This shortcoming demands prompt repair,” Bonta added.