Report: California gun data breach was unintentional

Nov 30, 2022, 5:04 PM | Updated: Dec 1, 2022, 3:57 pm
FILE - California Attorney General Rob Bonta speaks at a news conference in Sacramento, Calif., on ...

FILE - California Attorney General Rob Bonta speaks at a news conference in Sacramento, Calif., on June 28, 2022. Bonta said Wednesday, Nov. 30, 2022, the California Department of Justice will adopt recommendations from an independent investigation into a data breach over the summer that exposed the personal information of 192,000 people who had applied for a permit to carry a concealed weapon. (AP Photo/Rich Pedroncelli, File)

(AP Photo/Rich Pedroncelli, File)

SACRAMENTO, Calif. (AP) — California’s Department of Justice mistakenly posted the names, addresses and birthdays of nearly 200,000 gun owners on the internet because officials didn’t follow policies or understand how to operate their website, according to an investigation released Wednesday.

The investigation, conducted by an outside law firm hired by the California Department of Justice, found that personal information for 192,000 people was downloaded 2,734 times by 507 unique IP addresses during a roughly 12-hour period in late June. All of those people had applied for a permit to carry a concealed gun.

The data was exposed just days after the U.S. Supreme Court ruled that people have a right to carry guns in public. The decision invalidated a California law that said people must give a reason for wanting to carry a concealed weapon, such as a threat to their safety. Lawmakers then tried to pass new restrictions for concealed carry permits, but failed.

Investigators said they “did not uncover any evidence that the timing of the (data breach) was driven by a nefarious intent or was personally or politically motivated in any way.” Instead, they said state officials planned to publish what they thought was anonymous data “to meet anticipated heightened public interest in firearms-related data” following the court ruling.

An intentional breach of personal information carries more stiff fines and penalties under California law, according to Chuck Michel, an attorney and president of the California Rifle & Pistol Association. He said the association is preparing a lawsuit against the state and is encouraging people impacted by the exposure to talk with an attorney about filing their own lawsuits.

Michel noted the leaked data likely included information from people in sensitive positions — including judges, law enforcement personnel and domestic violence victims — who had sought gun permits.

“There is a lot of gaps and unanswered questions, perhaps deliberately so, and some spin on this whole notion of whether this was an intentional release or not,” he said. “This is not the end of the inquiry.”

The Department of Justice contracted with the Morrison Foerster law firm to investigate the data exposure. The firm said it had “the mandate and autonomy to conduct an independent investigation that followed the facts and evidence wherever they led.”

Officials at the California Department of Justice did not know about the breach until someone sent Attorney General Rob Bonta a private message on Twitter that included screenshots of the personal information that was available to download from the state’s website, the investigation said.

State officials at first thought the report was a hoax. Two unnamed employees — identified only as “Data Analyst 1” and “Research Center Director” — investigated and mistakenly assured everyone that no personal information was publicly available.

Meanwhile, the website crashed because so many people were trying to download the data. Another group of state officials worked to bring the website back online, unaware of the breach. They got the website working again at about 9:30 p.m.

State officials would not disable the website until about noon the next day. By then, the information had already been downloaded thousands of times.

State officials thought they were providing anonymous information in the aggregate for research and media requests about the use of guns in California. But the employee who created the website included several datasets that contained personal information.

Investigators found that no one — neither the employee who compiled the data nor the officials that supervised the employee — knew the proper security settings to prevent the data from being available for public download.

“This was more than an exposure of data, it was a breach of trust that falls far short of my expectations and the expectations Californians have of our department,” Bonta, the attorney general, said in a news release. “I remain deeply angered that this incident occurred and extend my deepest apologies on behalf of the Department of Justice to those who were affected.”

Other information was also mistakenly released, including data from firearms safety certificates, dealer record of sale and the state’s assault weapons registry. That data included dates of birth, gender and driver’s license numbers for more than 2 million people and 8.7 million gun transactions. But investigators said there wasn’t enough information in those datasets to identify anyone.

Investigators recommended more training and planning for state officials, including a review and update of policies and procedures.

“This failure requires immediate correction, which is why we are implementing all of the recommendations from this independent report,” Bonta said.

___

This story was first published on Nov. 30, 2022. It was updated on Dec. 1, 2022, to correct that the California Rifle & Pistol Association is preparing an individual lawsuit against the state, not a class action lawsuit.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

FILE - A Leopard 1 tank drives in Storkau, Germany, on May 19, 2000. Ukraine may be able to add old...
Associated Press

Ukraine may also get old Leopard 1 tanks from German stocks

BERLIN (AP) — Ukraine may be able to add old Leopard 1 battle tanks from German defense industry stocks to deliveries of modern tanks that Berlin and other governments pledged last week to counter Russian forces in the war. German government spokesman Steffen Hebestreit confirmed Friday that “export authorization has been granted” but declined to […]
6 hours ago
FILE - President Barack Obama, left, and Russian President Dmitry Medvedev sign the New START treat...
Associated Press

NATO urges Russia to respect nuclear pact with the US

BRUSSELS (AP) — NATO called Friday on Russia to respect the only treaty it has with the United States aimed at keeping a lid on nuclear weapons expansion and urged Moscow to allow on-the-ground inspections of military sites to resume. The so-called New START Treaty was signed by Russia and the U.S. in 2010. It […]
6 hours ago
Associated Press

Reports: 8 migrants’ bodies recovered by Italian coast guard

MILAN (AP) — The bodies of eight migrants have been recovered by Italy’s coast guard during an operation overnight that also rescued 42 survivors in the central Mediterranean off the island of Lampedusa, Italian news agency ANSA reported Friday. The coast guard in Rome and in Lampedusa declined to immediately confirm details of the rescue, […]
6 hours ago
A Ukrainian serviceman controls a drone during a demonstration close to the border with Belarus, Uk...
Associated Press

Along Ukraine-Belarus border, a war of nerves — and drones

BELARUS BORDER, Ukraine (AP) — The reconnaissance drones fly several times a day from Ukrainian positions deep inside the thick forest that marches across the border into Belarus, a close Russian ally, scouring sky and land for signs of trouble on the other side. Ukrainian units are monitoring the 1,000-kilometer (650-mile) frontier of marsh and […]
6 hours ago
FILE - A vender waits for customers at a vegetable market place in Colombo, Sri Lanka, Friday, June...
Associated Press

China confirms offer to Sri Lanka of debt moratorium

BEIJING (AP) — China’s government on Friday confirmed it is offering Sri Lanka a two-year moratorium on loan repayments as the Indian Ocean island nation struggles to restructure $51 billion in foreign debt that pushed it into a financial crisis. China lent to Sri Lanka as part of Beijing’s multibillion-dollar Belt and Road Initiative to […]
6 hours ago
FILE - In this Wednesday, Oct. 21, 2020, file photo, Iias Kasidiaris, former Golden Dawn lawmaker w...
Associated Press

Jailed leader of Greek far-right party faces election ban

ATHENS, Greece (AP) — Greece’s government is seeking to ban a far-right political party led by a jailed former lawmaker from participating in a general election later this year, with a legislative initiative that has gained cross-party support. Ilias Kasidiaris, 42, founded the Greek National Party two years ago. He is currently serving a sentence […]
6 hours ago

Sponsored Articles

...
Fiesta Bowl Foundation

Celebrate 50 years of Vrbo Fiesta Bowl Parade magic!

Since its first production in the early 1970s, the Vrbo Fiesta Bowl Parade presented by Lerner & Rowe has been a staple of Valley traditions, bringing family fun and excitement to downtown Phoenix.
(Desert Institute for Spine Care photo)...
DESERT INSTITUTE FOR SPINE CARE

Why DISC is world renowned for back and neck pain treatments

Fifty percent of Americans and 90% of people at least 50 years old have some level of degenerative disc disease.
...
Quantum Fiber

How high-speed fiber internet can improve everyday life

Quantum Fiber supplies unlimited data with speeds up to 940 mbps, enough to share 4K videos with coworkers 20 times faster than a cable.
Report: California gun data breach was unintentional