SECURITY
SECURITY
SECURITY
California firearms registration website exposes personal information
A California Department of Justice website relating to firearms registration has been found to be exposing personal information.
A June 27 update to the Firearm Dashboard Portal exposed details of individuals who were granted or denied a concealed and carry weapons permit between 2011 and 2021. The information exposed included names, dates of birth, gender, race, driver’s license number, address and criminal history. Social Security numbers and financial information were not disclosed.
Data from additional dashboards were also exposed. Affected dashboards include the Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate and Gun Violence Restraining Orders.
The data was exposed for a period of 24 hours. It’s not known how many users were affected or whether the data was stolen. The portals have since been taken offline.
“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” Attorney General Rob Bonta said in a statement. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary.”
The department said it will notify all individuals whose data was exposed in the coming days and provide additional information and resources. It also asked that anyone who has accessed the information to respect the privacy of the individuals involved and not share the personal information.
“Given that this breach involving the Department of Justice was the result of a data exposure on their recently launched site and the breach informant was the California State Sheriff’s Association rather than a security researcher or a security operation center, it appears that this incident was the result of negligence, rather than an attack,” Nick Tausek, security automation architect at low-code security automation company Swimlane Inc., told SiliconANGLE. “Although details are still sparse, it seems likely that this leak… may have been a result of improper authentication controls around accessing dashboards that house and permit access to this type of information.”
Given that gun control is a hot topic in the U.S., Tyler Glotz, manager, governance risk and compliance at security intelligence firm LogRhythm Inc. raises an obvious question. He said the event “raises questions of inside actors or hacktivists reacting to national changes in concealed carry law that came from NYSRPA v Bruen just days before.”
Photo: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
