California Gun Owners Had Lots of Their Data Exposed by the State Government

California Gun Owners Had Lots of Their Data Exposed by the State Government
Photo: GEOFFROY VAN DER HASSELT / AFP, Getty Images

A data breach at the California Department of Justice has spilled a wealth of data about the state’s gun owners onto the internet.

The breach, which involved “2022 Firearms Dashboard Portal” — a website launched Monday — revealed names, birthdays, addresses, ages, the purchase date and type of firearm permit they possessed, and their Criminal Identification Index numbers, which are used to track state and federal criminal records. Included in this trove were the identities of every concealed carry permit holder in the state — information that, by its very nature, is supposed to be secret. The data also apparently included information on whether carriers were judges or members of law enforcement. The DOJ pulled all links to the site after it learned of the failure to protect the data.

“We are investigating an exposure of individuals’ personal information connected to the DOJ Firearms Dashboard,” said a statement from the DOJ’s office provided to The Trace. “Any unauthorised release of personal information is unacceptable. We are working swiftly to address this situation and will provide additional information as soon as possible.”

Tony Botti, public information officer with the Fresno County Sheriff’s Office, told Gizmodo that two California sheriffs had been using the recently launched dashboard when they discovered the exposed information and reported the breach to the California State Sheriff’s Association (CSSA), which subsequently informed the California Department of Justice.

In a statement, the Fresno Sheriff’s office also noted that “portions of private information [from the breach] may have been posted on social media websites” and that it is “unknown exactly how much time the information was accessible.”

New, Bad, Vulnerable Dashboard

The 2022 Firearms Dashboard Portal, which the DOJ launched on Monday, was supposed to “increase transparency and information sharing,” according to an associated press release. It certainly did that! While the site was supposed to provide aggregated (presumably anonymous) data about gun transactions and ownership across the state, visitors to the site quickly realised that the personal information of individual gun owners had been exposed. It’s unclear why the information was visible.

Not long after the breach was discovered, the government took down the dashboard. A visit to the website on Wednesday showed that it is still down:

Screenshot: Lucas Ropek/California DOJScreenshot: Lucas Ropek/California DOJ

Gizmodo reached out to the California Attorney General’s Office for more information about the data breach and will update this story if they respond.

Conspiracy Theories Abound

Predictably, the data breach has already stirred paranoia and conspiratorial thinking on the part of gun owners. Many have used the term “dox” to describe the data breach, seeming to imply that the information had been leaked on purpose as some sort of liberal revenge for gun owners’ recent Supreme Court victory.

“Vindictive sore loser bureaucrats have endangered people’s lives and invited conflict by illegally releasing confidential private information,” Chuck Michel, President of the California Rifle & Pistol Association, told The Reload. “CRPA is working with several legislators and sheriffs to determine the extent of the damage caused by DOJ’s doxing of law abiding gun owners. Litigation is likely.”

Meanwhile, on social media, apparent gun owners shared their displeasure and seemed to let their wildest imaginative scenarios run wild:

Screenshot: Lucas Ropek/TwitterScreenshot: Lucas Ropek/Twitter

Listen, anybody familiar with state government knows that bureaucrats are not known for their technological prowess or their attention to website security. Just look at the scandal involving Missouri governor Mike Parson, who recently left 100,000 public employee social security numbers exposed on a website, then tried to blame it all on the journalist who discovered the data breach. In short: governments screw up digital security often, and this seems like a pretty big screw up.


Editor’s Note: Release dates within this article are based in the U.S., but will be updated with local Australian dates as soon as we know more.