The fallout from the Department of Justice’s unintentional publication of private information about California firearm owners continued yesterday. The public learned the leak could have been more extensive than initially thought. The California State Sheriff’s Association expressed their alarm about the risk this leak could pose to constituents with a concealed carry permit. California Attorney General Rob Bonta assured residents his office had “launched an immediate investigation” to understand how the data came to be public.
On Tuesday, as the news emerged that California’s gun owners had their private information leaked by the state’s lead law enforcement entity, Bonta’s office remained silent. Yesterday, Bonta broke that silence confirming the data had been available online via the Firearms Dashboard accessible for less than 24 hours. He promised an immediate investigation was begun and admitted that the leak included many more types of gun owners other than CCW holders.
Any California who has a firearm registered on the Assault Weapon Registry, who has completed the Firearm Safety Certificate, or has been issued a Gun Violence Restraining Order could have had their personal details leaked. Regarding firearms transactions, firearm owners who completed the certificated sale of a handgun and any Dealer Record of Sale could also be compromised.
What data was revealed about those on these lists? Bonta said the leak included “names, date of birth, gender, race, driver’s license number, addresses, and criminal history.”
On Tuesday, the first entity to publicly express concern about the data leak was the Fresno County Sheriff’s Office. By yesterday, the California State Sheriff’s Association had jumped into the fray. In a press release, they said it was “infuriating that people who have been complying with the law have been put at risk from this breach.” The CSSA vowed to continue engaging with the DOP “to ensure that the risk to CCW permit holders is mitigated and a breach of this nature does not happen again.”
Despite the fact the DOJ had shut down access to the Firearms Dashboard, the CSSA asserted that when the information had been publicly available, “the information was copied and at least some portion of it was posted on the internet.”
On Monday, January 27, 2022, a press release from Bonta announced the Department of Justice had published the “2022 Firearms Dashboard Portal” to reportedly “help the public access data on firearms in California.” Bonta’s original statement about the Firearms Dashboard sounds very different than intended in the wake of the data leak: “The dashboard puts power and information into the hands of our communities by helping them better understand the role and potential dangers of firearms within our state.”
As is common on many online databases, users could download the metadata that generated the dashboard’s information. The Firearm Dashboard’s metadata, available to anyone who visited the website, included the personal information of California’s gun owners.
Humboldt County Sheriff William Honsal said in a statement, “I am deeply concerned to hear about this breach of sensitive information belonging to Humboldt County CCW Holders.” He promised to communicate with the DOJ and the Attorney General’s office “to ensure that something like this doesn’t happen again.”
Mendocino County Sheriff Matt Kendall likened the data leak to concerns once voiced by local cannabis farmers that the location of the cannabis farms could be accessed using the Public Records Act. Leaked private data, of any type, “is a problem to me,” Sheriff Kendall said.
He expressed concern that the data leaked by the DOJ’s databases, could provide the opportunity for “crooks to come to homes and victimize good, law-abiding citizens.”
The greater implications of this lack of security could further the distrust of the state government in “a time when we are already polarized,” Sheriff Kendall said.
Attorney General Bonta is saying that all those affected by the data leak will be contacted by his Office to “notify those individuals whose data was exposed and provide additional information and resources. He said that the DOJ will be providing “credit monitoring services” to all those affected and suggested a number of strategies to prevent identity theft.