
On Wednesday, the California Department of Justice released the results of an independent investigation into a June data leak that exposed the personal information of 192,000 individuals who applied for a concealed carry weapon.

The investigation was conducted by independent legal and forensic cyber experts, according to Attorney General Rob Bonta’s office. The data leak on the DOJ’s Firearms Dashboard revealed confidential personal data from individuals who applied for concealed carry weapons (CCW) in California from approximately 2012 through 2021. 

“This unauthorized release of personal information was unacceptable. This was more than an exposure of data, it was a breach of trust that falls far short of my expectations and the expectations Californians have of our department,” said Attorney General Bonta in a news release. 

Confidential firearms-related data managed by the DOJ was publicly exposed on June 27-28 on OpenJustice, a DOJ website intended to provide the public with aggregated, anonymous criminal justice data. For less than 24 hours, public visitors to the site were able to access the confidential information related to CCW applicants and holders, along with other firearm data. 

According to Bonta’s office, the independent investigation led by the law firm of Morrison Foerster with FTI, an outside cyber expert, found no ill intent.

The 61-page report found that the exposure was due to several deficiencies within the DOJ, including a lack of training, expertise, and professional rigor; insufficient documentation, policies, and procedures; and inadequate oversight. 

“This combination of factors resulted in errors, poor judgment, and missed opportunities by certain DOJ personnel, and ultimately, in DOJ’s failure to meet the responsibilities with which it was entrusted as the custodian of confidential information,” reads the report. 

In the days following the leak, the DOJ notified law enforcement agencies and those whose personal information was exposed, providing additional information and resources. The DOJ also provided credit monitoring services for individuals whose data was exposed as a result of this incident and provided instruction to those impacted.

To restore the community’s trust, the independent investigation put forth six recommendations for DOJ to implement. The recommendations include reviewing and updating policies and procedures, enhancing training, evaluating security risks, centralizing and improving organizational structures, creating a data incident action plan, and clarifying roles in review and approval processes.

“I remain deeply angered that this incident occurred and extend my deepest apologies on behalf of the Department of Justice to those who were affected,” Bonta said. “While the report found no ill intent, this incident was unacceptable, and DOJ must be held to the highest standard. This failure requires immediate correction, which is why we are implementing all of the recommendations from this independent report.”
