About the Data Leak
A state website in California disclosed private information of any user who registered for CCP (concealed Carry Weapons) permits during 2011-2021. The California Department of Justice says the incident happened last week, in the blunder, the US state's firearms dashboard portal was overwhelmed.
Besides the portal breach, the data was also leaked on various other online dashboards like- Assault Weapon Registery, Dealer Record of Sale, Firearm Safety Certificate, Certified for Sale, Dealer Record of Sale, Gun Violence Restraining Order, and Firearm Safety Certificate dashboards.
What are the experts saying?
"The California cyber-gaffe comes at a time when data privacy is at the forefront of the national debate, in large part because of the US Supreme Court's recent decision to overturn Roe vs. Wade, which has called into question what personal data is collected, retained — and potentially sold or shared," reports the Register.
California Department of Justice says that data and dashboards were accessible to the public for 24 hours. The data leaked include Gender, Race, Date of Birth, driver's license info, criminal histories, and addresses. However, it didn't expose financial information and social security numbers.
Info exposed in the Data Leak
But still, some personal information may have been leaked on social media websites, says Fresno County Sheriff's Office, which found the data leak. The state DOJ will inform California users whose data was leaked and will give additional info and details about soon. It also includes credit monitoring services for impacted users.
"I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary," said Rob Bonta, California Attorney General, in a statement. He also said that he was deeply sorry and unsettled by the incident.
The office didn't address the issue immediately, denying to provide info about the number of users affected and a number of California residents that apply for concealed weapons permit every year but are denied.
Tim Marley, VP for audit, risk, and compliance at Cerberus Sentinel said that "the failure to keep stakeholders' sensitive data confidential is coming with greater consequences for organizations in the United States."
