UPDATED 20:01 EDT / JUNE 29 2022

SECURITY

California firearms registration website exposes personal information

A California Department of Justice website relating to firearms registration has been found to be exposing personal information.

A June 27 update to the Firearm Dashboard Portal exposed details of individuals who were granted or denied a concealed and carry weapons permit between 2011 and 2021. The information exposed included names, dates of birth, gender, race, driver’s license number, address and criminal history. Social Security numbers and financial information were not disclosed.

Data from additional dashboards were also exposed. Affected dashboards include the Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate and Gun Violence Restraining Orders.

The data was exposed for a period of 24 hours. It’s not known how many users were affected or whether the data was stolen. The portals have since been taken offline.

“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” Attorney General Rob Bonta said in a statement. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary.”

The department said it will notify all individuals whose data was exposed in the coming days and provide additional information and resources. It also asked that anyone who has accessed the information to respect the privacy of the individuals involved and not share the personal information.

“Given that this breach involving the Department of Justice was the result of a data exposure on their recently launched site and the breach informant was the California State Sheriff’s Association rather than a security researcher or a security operation center, it appears that this incident was the result of negligence, rather than an attack,” Nick Tausek, security automation architect at low-code security automation company Swimlane Inc., told SiliconANGLE. “Although details are still sparse, it seems likely that this leak… may have been a result of improper authentication controls around accessing dashboards that house and permit access to this type of information.”

Given that gun control is a hot topic in the U.S., Tyler Glotz, manager, governance risk and compliance at security intelligence firm LogRhythm Inc. raises an obvious question. He said the event “raises questions of inside actors or hacktivists reacting to national changes in concealed carry law that came from NYSRPA v Bruen just days before.”

Photo: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU