A recent probe issued by the California Department of Justice recently found that the department accidentally exposed the personal information of over 190,000 concealed weapons permit holders from its 2022 Firearms Dashboard Portal earlier this year.
According to the report, personal details such as names, birthdays, addresses and more were left vulnerable in the incident.
Investigators said the information was downloaded possibly more than 2,700 times before it was eventually removed.
Law firm Morrison Foerster, which was in charge of the probe, said the mistake was due to a combination of lack of training, poor oversight and inadequate procedures and policies in place to prevent such accidents.
According to the probe, the incident took place in June after the DOJ unveiled an online tool to display aggregated firearms-related data with interactive charts and other graphics.
The tool was published on June 27 on the agency’s OpenJustice website, which also contains data relating to homicides and arrests.
“This was more than an exposure of data, it was a breach of trust that falls far short of my expectations and the expectations Californians have of our department,” California Attorney General Rob Bonta said in a statement.
Ultimately, an agency analyst who was assigned to create the new dashboard was found to be at fault for the leak.
The report faulted the unnamed analyst for including confidential details from a data set gathered from multiple agency sources in order to build the graphics. That data set included information from concealed weapons permit applicants.
The employee claimed that he was not aware the public would have access to the information. The report also faulted other agency staff for their lack of oversight.
Soon after the information was released, Bonta received messages on Twitter claiming that personal information about concealed weapon permit holders was discovered on the platform.
Bonta then quickly notified a deputy and his chief of staff, according to the report. However, before staff could investigate, the OpenJustice website server experienced a crash due to numerous users attempting to download the published data.
When the Firearms Dashboard was restored later that night, investigators determined officials falsely believed the personal information was secure when it was not.
This decision “proved to be a compounding error,” investigators said.
Indeed, investigators found that the vast majority of downloads of the confidential information occurred after the dashboard’s restoration online.
By noon the next day, the agency removed the dashboard and took the OpenJustice website offline as a precaution.
When asked if any agency employees had been disciplined following the breach, an Attorney General’s Office spokesperson said they were unable to comment on personnel matters.
The spokesperson added that the office “will take appropriate corrective action to prevent this from happening again.”
Bonta said the agency was implementing all of the recommendations listed in the probe. He also apologized to those who had their information stolen, and said he was still “deeply angered” by the failure.
Representative Jim Patterson called for an audit of the Department of Justice after the exposure.
“Intended or not, this was an outrageous breach of private information that could have placed people in danger,” Patterson said in a statement. “Saying you’re sorry and it won’t happen again isn’t good enough. It should never have happened in the first place.”
