Investigation Into California’s Data Breach Keeps Getting Worse

0
30

The Golden State of gun owner infringements is showing that their ‘oops’ with the personal identity information of concealed licensees keeps getting worse as the investigation is ongoing. The California DoJ has now confirmed that not only were all current permits shown with name, address, date of birth, driver’s license number, and criminal history, but they exposed everyone who applied in the last decade too.

Records from 2011 to 2021 of all applicants, whether they were granted a permit or not, were confirmed to be part of the exposed data by Attorney General Rob Bonta’s office. Other dashboards backend data was also launched as viewable to the public, but it is unknown at this time how much protected data was part of those other systems.

All of this stems from California DoJ’s launch of their Firearms Dashboard Portal, which it is clear now was not properly checked for security from the front end. This wasn’t a hack or a “leak” in the traditional sense so it seems. This was a website that was put live to the public with accessible searchable pathways that anyone could use to look up protected information. Whatever authentication scheme was supposed to be in place so that sensitive information could not be found in the open was not in place.

Deliberately done?

The timing of this egregious data breach has led to speculation in many parts of the internet that this was done deliberately. If it was, by a lone or small group of employees more than likely, that would be a far more devastating breach of the public trust than the negligence of publishing all the data in a forward facing manner was.

For the record, I do not believe this was deliberately done on the part of the government of California.

I am less convinced that it wasn’t a deliberate action by an employee angry at the result and new directives, but I consider it overall unlikely. I’m sure DoJ in CA would love if it was right now just so they could publicly throw someone to the wolves for the information breach instead of having to eat the incompetence line over and over again.

More as we know it.