For the most up-to-date information, please visit oag.ca.gov/dataexposure
[Italics represent updated information as of July 1, 2022]
SACRAMENTO – The California Department of Justice has announced that personal information was disclosed in connection with the June 27, 2022 update of its Firearms Dashboard Portal. Based on the Department’s current investigation, the incident exposed the personal information of individuals who were granted or denied a concealed and carry weapons (CCW) permit between 2011-2021. For CCW permit holders and applicants, information disclosed includes full name, date of birth, address, gender, race, CCW license number, California Information Index number (which is automatically generated during a fingerprint check for a CCW or for another purpose), and other government-issued identifiers. In some cases, exposed information may also include driver’s license number, and internal codes corresponding to the statutory reason that a person is prohibited from possessing a firearm. Social Security numbers and financial information were not disclosed as a result of this event. Additionally, DOJ is investigating the extent to which any personally identifiable information could have been exposed from the following dashboards: Assault Weapon Registry, Dealer Record of Sale, Firearm Certification System, and Gun Violence Restraining Order dashboards. No personal information was disclosed from the Handguns Certified for Sale file [Updated July 1, 2022].
“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” said Attorney General Rob Bonta. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary. The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”
On the afternoon of June 27, 2022, DOJ posted updates to the Firearms Dashboard Portal. DOJ was made aware of a disclosure of personal information that was accessible in a spreadsheet on the portal. After DOJ learned of the data exposure, the department took steps to remove the information from public view and shut down the Firearms Dashboard yesterday morning. The dashboard and data were available for less than 24 hours.
In the coming days, the Department will notify those individuals whose data was exposed and provide additional information and resources. California law requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person.
DOJ asks that anyone who accessed such information respect the privacy of the individuals involved and not share or disseminate any of the personal information. In addition, possession of or use of personal identifying information for an unlawful purpose may be a crime. (See Cal Penal Code Sec. 530.5.)
We are communicating with law enforcement partners throughout the state. In collaboration, we will provide support to those whose information has been exposed.
In an abundance of caution, the Department of Justice will provide credit monitoring services for individuals whose data was exposed as a result of this incident. DOJ will directly contact individuals who have been impacted by this incident and will provide instructions to sign up for this service.
Any Californian may take the following steps to immediately protect their information related to credit: