After a data breach on Monday revealed the personal information of Californians who applied for a concealed carry weapons permit, the California State Sheriffs’ Association released a statement Wednesday saying the organization is “alarmed.”
“It is infuriating that people who have been complying with the law have been put at risk by this breach,” CSSA President and Butte County Sheriff Kory Honea said in a statement. “California’s sheriffs are very concerned about this data breach and the risk it poses to California’s CCW permit holders.”
The Los Angeles Police Protective League Board of Directors also issued a statement decrying the breach.
“The personal safety of law enforcement officers and their families are already at increased risk due to the nature of their job,” the board said. “This security breach could potentially make matters worse. Any disclosure of personal information is extremely troubling, and we are hopeful that this information is not used to harm officers. We urge the Attorney General’s office to quickly complete their investigation to determine how this occurred and what immediate corrective measures must be put into place to prevent any future disclosures.”
The Fresno County Sheriff’s Office confirmed that “all concealed weapons permit holders in California” are affected, the Los Angeles Times reported.
The breach affected applications from 2011 to 2021 and included “names, date of birth, gender, race, driver’s license number, addresses, and criminal history,” the DOJ said in a news release on Wednesday.
“Social Security numbers or any financial information were not disclosed as a result of this event,” the DOJ added.
Also possibly exposed was information from several other gun-related dashboards, including the “Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Certificate Safety, and Gun Violence Restraining Order dashboards,” the release added, though what personal information, if any, was exposed has not yet been determined.
“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” state Attorney General Rob Bonta said in a statement. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary. The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”
Nathan Hochman, the Republican candidate likely to face Bonta in this fall’s race for AG, took aim at his opponent when commenting.
“Having the private data of citizens, people who have been able to get the permits … these are judges, law enforcement, domestic violence victims who were able to get that permit,” Hochman said. “To then put that information on the internet and allow anyone to have access to someone’s private data and address? This is one of the many tremendous failings of the Attorney General and his office. The fact they tried to quickly tried to take it off didn’t erase the error. I hope there is an investigation of the department of justice and Rob Bonta to find out how this happened and make sure it doesn’t happen again. This is concerning because as you know we have a Data Privacy law that goes into effect next year. If we can’t trust the AG with the data of concealed weapons permits, how are we supposed to trust the office with other data…?”
The DOJ said it will notify those who were affected by the breach “in the coming days” and “will provide support to those whose information has been exposed.”
In addition, the DOJ offered several pieces of advice.
“Any Californian may take the following steps to immediately protect their information related to credit,” the department said.
- Monitor your credit. To obtain free copies of credit reports from the three major credit bureaus, visit https://www.annualcreditreport.com.
- Consider placing a free credit freeze on your credit report. A freeze prevents the opening of new accounts in your name. To implement a freeze, contact each of the three major bureaus:
- Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze/; 888-766-0008
- Experian: https://www.experian.com/freeze/center.html; 888-397-3742
- TransUnion: https://www.transunion.com/credit-freeze; 800-680-7289
- Place a fraud alert on your credit report. A 90-day fraud alert helps protect against the possibility of someone else opening new credit accounts in your name. To post a fraud alert, contact one of the three major credit reporting agencies listed above. Any fraud alert placed with any one of the three major credit reporting agencies will be automatically added by the other two agencies as well.
- Additional Resources. Victims of identity theft should contact their local police department or sheriff’s office right away. Victims can also report identity theft and generate a recovery plan using the Federal Trade Commission’s website at identitytheft.gov. For more information and resources, visit the Attorney General’s website at oag.ca.gov/idtheft.”