2022 Firearms Dashboard Data Exposure

Information for Individuals Impacted by Firearms Dashboard Exposure

This page will be regularly updated as more information becomes available.

WHAT HAPPENED

On June 27, 2022, the California Department of Justice learned that personal information was disclosed in connection with the June 27th release of the DOJ's Firearms Dashboard Portal. After DOJ learned of the data exposure, the Department removed the information from public view and shut down the Firearms Dashboard. The dashboard and data were available for less than 24 hours. DOJ has launched an investigation to determine how this occurred, brought in outside counsel and an outside forensic cyber expert to conduct an independent review, and will take strong corrective measures where necessary.

WHO IS IMPACTED

Based on the DOJ's current investigation, the incident exposed the personal information of individuals who were granted or denied a concealed and carry weapons (CCW) permit between 2012-2021. As of now, the exposed data appears to include: full name, date of birth, address, gender, race, CCW license number, California Information Index number (which is automatically generated during a fingerprint check for a CCW or for another purpose), and other government-issued identifiers. In some cases, exposed information may also include driver's license number and internal codes of the statutory reason that a person is prohibited from possessing a firearm. Social Security numbers and financial information appear to not have been disclosed as a result of this event.

Additionally, DOJ is investigating the extent to which any personally identifiable information could have been exposed from the following dashboards: Assault Weapon Registry, Dealer Record of Sale, Firearm Certification System, and Gun Violence Restraining Order dashboards. We will post an update here as soon as additional information is confirmed.

WHAT TO DO

DOJ has sent letters to individuals it is aware may have been impacted by the CCW data exposure. An example of the notification letter is available here. Additionally, any person who believes they have been affected can contact our call center. For impacted individuals, DOJ is providing complementary resources, discussed in more detail in the FAQ below, to help protect your identity, should you feel it is appropriate to do so.

Call Center: 1-833-909-4419 (Monday-Friday, 6 a.m. - 6 p.m. PT)
Notification Letter: Example

DOJ asks that anyone who accessed the exposed data respect the privacy of the individuals involved and not share or disseminate any of the personal information. In addition, possession of or use of personal identifying information for an unlawful purpose may be a crime. (See Cal Penal Code Sec. 530.5.)

WHAT WE ARE DOING MOVING FORWARD

The unauthorized release of personal information is unacceptable. We removed the information from public view, shut down the Firearms Dashboard, and are contacting individuals directly who may have been impacted to provide additional information and resources for them.

DOJ has launched an investigation to determine how this occurred and will take strong corrective measures where necessary. We are conducting a review of our policies and procedures and working to implement additional security measures to protect the security of information in our possession. We also continue to communicate with law enforcement partners throughout the state and will collaborate with them to assist any affected individuals.

On July 6, Attorney General Bonta secured outside counsel Morrison & Foerster LLP to conduct an independent review of the incident. The team, led by former state and federal prosecutors, will: investigate how this exposure occurred; supervise an outside forensic cyber expert to examine the data and what happened from a digital perspective; review DOJ policies and practices; and offer recommendations on mitigation, remedial steps, and other appropriate measures.

Back To Top



FAQ

Based on the DOJ's current investigation, the incident appears to have exposed the personal information of individuals who were granted or denied a CCW permit between 2012-2021. DOJ is contacting individuals directly who we believe have been impacted and providing additional information and resources for them. You can also contact our call center to determine if you were impacted and if so, enroll in complementary resources at 1-833-909-4419 (Monday-Friday, 6 a.m. - 6 p.m. PT).

Shortly after the Firearms Dashboard was published on June 27, DOJ became aware that certain underlying files could be potentially accessed by the public. These files were accessible for less than 24 hours, and included personally identifiable information about individuals who were granted or denied a concealed and carry weapons (CCW) permit between 2012-2021. After DOJ learned of the data exposure, the Department removed the information from public view and shut down the Firearms Dashboard, which is no longer accessible as of June 28. We continue to investigate the events that led to this and have sent letters to individuals we are aware may have been impacted by the CCW data exposure.

The independent investigation — which includes a forensic review by a cyber and data expert — is ongoing. When the investigation is complete, we will share findings with the public. We anticipate these findings will cover how the incident occurred and the steps we are taking to ensure that an incident like this does not happen again. The public should expect a thorough and accurate account. We expect the investigation to be complete in the coming months.

As of now, we believe that the exposed data included the following for CCW permit holders and applicants: full name, date of birth, address, gender, race, CCW license number, California Information Index number (which is automatically generated during a fingerprint check for a CCW or for another purpose), and other government-issued identifiers. In some cases, exposed information may also include driver's license number and internal codes for the statutory reason that a person is prohibited from possessing a firearm. Social Security numbers and financial information were not disclosed.

Additionally, DOJ is investigating the extent to which any personally identifiable information could have been exposed from the following dashboards: Assault Weapon Registry, Dealer Record of Sale, Firearm Certification System, and Gun Violence Restraining Order. While the investigation is underway, preliminary findings indicate the exposed data for those dashboards did not include names, California Information Index numbers, Social Security numbers or financial information. We will post an update here as soon as additional information is confirmed.

The unauthorized release of personal information is unacceptable. We removed the information from public view, shut down the Firearms Dashboard, and are contacting individuals directly who may have been impacted to provide additional information and resources for them. DOJ has launched an investigation to determine how this occurred and will take strong corrective measures where necessary. We are conducting a review of our policies and procedures and working to implement additional security measures to protect the security of information in our possession. We also continue to communicate with law enforcement partners throughout the state and provide support to those affected individuals.

Additionally, on July 6, Attorney General Bonta secured outside counsel Morrison & Foerster LLP to conduct an independent review of the incident. The team, composed of former state and federal prosecutors, will: investigate how this exposure occurred; supervise an outside forensic cyber expert to examine the data and what happened from a digital perspective; review DOJ policies and practices; and offer recommendations on mitigation, remedial steps, and other appropriate measures.

We do not believe that Social Security numbers and financial information were disclosed. However, as an abundance of caution, DOJ is offering individuals impacted by the CCW data exposure complimentary access to identity protection services through IDX, which includes: 12 months of triple-bureau credit monitoring, CyberScan dark web monitoring, a $1 million insurance reimbursement policy, and fully managed ID theft recovery services.

Additionally, any Californian may take the following steps to immediately protect their information related to credit:

  • Monitor your credit. One of the best ways to protect yourself from identity theft is to monitor your credit history. To obtain free copies of your credit reports from the three major credit bureaus go to https://www.annualcreditreport.com.
  • Consider placing a free credit freeze on your credit report. Identity thieves will not be able to open a new credit account in your name while the freeze is in place. You can place a credit freeze by contacting each of the three major credit bureaus:
  • Place a fraud alert on your credit report. A fraud alert helps protect you against the possibility of someone opening new credit accounts in your name. A fraud alert lasts 90 days and can be renewed. To post a fraud alert on your credit file, you must contact one of the three major credit reporting agencies listed above. Keep in mind that if place a fraud alert with any one of the three major credit reporting agencies, the alert will be automatically added by the other two agencies as well.
  • Additional Resources. If you are a victim of identity theft, contact your local police department or sheriff's office right away. You may also report identity theft and generate a recovery plan using the Federal Trade Commission's website at https://www.identitytheft.gov/. For more information and resources visit the Attorney General's website at oag.ca.gov/idtheft.

We are offering individuals impacted by the CCW data exposure complimentary access to identity protection services through IDX, which includes: 12 months of triple-bureau credit monitoring, CyberScan dark web monitoring, a $1 million insurance reimbursement policy, and fully managed ID theft recovery services. Our call center is available to assist you in accessing these complimentary resources at 1-833-909-4419 between 6 a.m. and 6 p.m., Monday-Friday.

The Firearms Dashboard is a publicly accessible data portal with graphs and high-level information about the number of firearms and firearm-related permits approved each year, as well as other general firearms-related statistics for which the Department of Justice frequently receives requests. The dashboard was NOT meant to provide any personal information about individual gun owners.

Back To Top



Contact Us

DOJ has sent letters to those individuals who we believe may have been impacted by the CCW data exposure. An example of the notification letter is available here. Additionally, you can contact our call center to determine if you were impacted and to enroll in complimentary resources to help protect your identity at 1-833-909-4419.

Contact us via phone: 1-833-909-4419 (Monday-Friday, 6 a.m. - 6 p.m. PT)

Contact us online: www.oag.ca.gov/contact/general-comment-question-or-complaint-form

Enroll in services*: https://response.idx.us/dojca/

*To enroll in services, you will need an "enrollment code" provided to you on your notification letter. This code can also be obtained by verifying your identity with our call center at 1-833-909-4419 (Monday-Friday, 6 a.m. – 6 p.m. PT)