By ADAM BEAM
SACRAMENTO — The California Department of Justice mistakenly published the names, addresses and birthdays of nearly 200,000 gun owners on the Internet because officials failed to follow policies or understand how to operate their site Web, according to a survey released Wednesday.
The investigation, conducted by an outside law firm hired by the California Department of Justice, found that the personal information of 192,000 people had been downloaded 2,734 times by 507 unique IP addresses over a period of around 12 o’clock at the end of June. All of these people had applied for a permit to carry a concealed weapon.
The data came to light just days after the US Supreme Court ruled that people have the right to bear arms in public. The ruling struck down a California law that required people to give a reason for wanting to carry a concealed weapon, such as a threat to their safety. Lawmakers then attempted to pass new restrictions for concealed carry permits, but failed.
Investigators said they “uncovered no evidence that the timing of the (data breach) was motivated by nefarious intent or was personally or politically motivated in any way.” Instead, they said state officials plan to release what they believe is anonymized data “to respond to the anticipated heightened public interest in firearms data” in the wake of the court’s decision.
An intentional breach of personal information carries stiffer fines and penalties under California law, according to Chuck Michel, attorney and president of the California Rifle & Pistol Association. Michel said his group is preparing a class action lawsuit against the state. He noted that the leaked data likely included information from people in sensitive positions — including judges, law enforcement officers and victims of domestic violence — who had applied for gun permits.
“There are a lot of gaps and unanswered questions, perhaps deliberately, and some of them revolve around this whole notion of whether this was an intentional release or not,” he said. “This is not the end of the investigation.”
The Department of Justice has hired law firm Morrison Foerster to investigate the data exposure. The firm said it had “the mandate and autonomy to conduct an independent investigation that followed facts and evidence wherever they led”.
California Department of Justice officials were unaware of the breach until someone sent Attorney General Rob Bonta a private message on Twitter containing screenshots of personal information that can be uploaded to the state’s website, according to the investigation.
State officials initially thought the report was a hoax. Two anonymous employees – identified only as “Data Analyst 1” and “Research Center Director” – investigated and falsely assured everyone that no personal information was publicly available.
During this time the website crashed because so many people were trying to download the data. Another group of state officials worked to get the website back online, unaware of the breach. They got the website back up and running around 9:30 p.m.
State officials would not deactivate the website until around noon the next day. By then, the information had already been downloaded thousands of times.
State officials believed they were providing anonymous information overall for research and media inquiries about California’s gun use. But the employee who created the website included several datasets containing personal information.
Investigators found that no one – neither the employee who compiled the data nor the officials supervising the employee – knew of the appropriate security settings to prevent the data from being available for public download.
“This was more than a data exposure, it was a breach of trust that falls far short of my expectations and the expectations of Californians of our department,” Bonta, the attorney general, said in a press release. . “I remain deeply angry that this incident occurred and offer my sincerest apologies on behalf of the Department of Justice to those affected.”
Other information was also released in error, including data from gun safety certificates, the dealer’s sales record, and the state assault weapons registry. This data included the dates of birth, gender and driver’s license numbers of more than 2 million people and 8.7 million gun transactions. But investigators said there was not enough information in those datasets to identify anyone.
Investigators recommended more training and planning for state officials, including reviewing and updating policies and procedures.
“This failure requires immediate correction, which is why we are implementing all recommendations of this independent report,” Bonta said.
#California #DOJ #accidentally #exposed #data #gun #owners #investigation #finds