Report: Gun data breach was unintentional
SACRAMENTO (AP) — California’s Department of Justice mistakenly posted the names, addresses and birthdays of nearly 200,000 gun owners on the Internet because officials didn’t follow policies or understand how to operate their website, according to an investigation released, Wednesday.
The investigation, conducted by an outside law firm hired by the California Department of Justice, found that personal information for 192,000 people was downloaded 2,734 times by 507 unique IP addresses during a roughly 12hour period, in late June. All of those people had applied for a permit to carry a concealed gun.
“The improper exposure of confidential personal data by DOJ, while unacceptable, was unintentional and not connected to any nefarious purpose,” investigators wrote in their report.
An intentional breach of personal information carries more stiff fines and penalties under California law, according to Chuck Michel, an attorney and president of the California Rifle & Pistol Association. Michel said his group is preparing a class action lawsuit against the state.
“There is a lot of gaps and unanswered questions, perhaps deliberately so, and some spin on this whole notion of whether this was an intentional release or not,” he said. “This is not the end of the inquiry.”
The release of the data over the summer came shortly after the US Supreme Court ruled against a New York requirement that people must provide a reason to carry a concealed gun. California has a similar requirement, and efforts to change it following the court’s ruling failed, earlier this year.
Michel said the leaked data had information about judges, law enforcement personnel and domestic violence victims who had sought gun permits.
Officials at the California Department of Justice did not know about the breach until someone sent Attorney General Rob Bonta a private message on Twitter that included screenshots of the personal information that was available to download from the state’s website, the investigation said.
State officials at first thought the report was a hoax. Two unnamed employees — identified only as “Data Analyst 1” and “Research Center Director” — investigated and mistakenly assured everyone that no personal information was publicly available.