YourCentralValley.com | KSEE24 and CBS47

California-wide CCW data breach was unintentional, says independent report


SACRAMENTO, Calif. (KSEE/KGPE) – An independent investigation into the release of names, addresses, and license types of every CCW holder in California earlier this year established that approximately 192,000 individuals had their information made public, according to the California Department of Justice.

The statement released Wednesday by the state AG’s office described the release as “unacceptable.” It also revealed that the investigation into the release was conducted by independent legal and forensic cyber experts.

The breach came after the publication of the state’s 2022 Firearms Dashboard Portal on June 27 and 28. Officials removed public access to the database the next day, after realizing that the confidential personal data of CCW holders had also been released. The information included the CCW holders’ names, age, address, Criminal Identification Index (CII) number, and license type (Standard, Judicial, Reserve, and Custodial). The information included every CCW holder in the state.

“This was more than an exposure of data, it was a breach of trust that falls far short of my expectations and the expectations Californians have of our department,” said Attorney General Rob Bonta in the statement released Wednesday. “I remain deeply angered that this incident occurred and extend my deepest apologies on behalf of the Department of Justice to those who were affected.”

The investigation by the law firm Morrison Foerster established that the data release was unintentional and due to a number of deficiencies within the DOJ. The deficiencies cited included a lack of training, expertise, and professional rigor; insufficient documentation, policies, and procedures; and inadequate oversight.

Officials with the California DOJ say the department will implement all recommendations from the investigation, including a review of all DOJ policies and procedures regarding the handling of confidential personal data, enhanced training, and the development of a detailed data incident plan.

A copy of the report can be found here and more information about the data exposure can be found here.