California Department of Justice Confirms Data Breach Leaking the Information of More than 200,000 CCW Permit Holders and Applicants

Console and Associates, P.C.

Recently, the California Department of Justice (“DOJ”) reported a data breach that exposed the personal information of more than 200,000 Concealed Carry Weapon (CCW) permit holders across the state. Evidently, the leak occurred during the rollout of the new Firearms Dashboard and resulted in the following information being exposed: names, ages, addresses, Criminal Identification Index (CII) numbers and license types (Standard, Judicial, Reserve and Custodial). The Fresno County Sheriff’s Office was the first organization to report the breach on June 28, 2022, after it received word of the incident from the California Department of Justice. Subsequently, the California DOJ posted notice of the breach on its website and indicated it will send data breach letters to affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the California Department of Justice data breach, please see our recent piece on the topic here.

Additional Information About the California Department of Justice Gun Permit Data Breach

According to a notice posted on the California DOJ website, on June 27, 2022, the California DOJ learned that personal information was disclosed in connection with the release of the DOJ’s Firearms Dashboard Portal that same day. In response, the DOJ promptly removed the visible data and shut down the Firearms Dashboard.

The DOJ then began looking into the cause of the breach and what, if any, sensitive information was involved. After reviewing the data, the California DOJ determined that the incident exposed the personal information of those who applied for concealed and carry weapons (CCW) permits between 2011-2021. The breach involved the information of those who were both approved and denied a permit.

While the breached information varies depending on the individual, it may include your full name, date of birth, address, gender, race, CCW license number, California Information Index number, and other government-issued identifiers. The California DOJ also reports that, in some cases, driver’s license numbers and internal codes corresponding to the statutory reason that a person is prohibited from possessing a firearm were made publicly available.

On around June 28, 2022, the California Department of Justice informed other government entities of the breach, including the Fresno County Sheriff’s Office, which posted a public Facebook post explaining the incident. The California DOJ indicated that it will be sending data breach notifications to affected parties in the coming weeks. It is estimated that more than 200,000 people were affected by the California Department of Justice Breach.

The California Department of Justice is the government agency responsible for overseeing the application process for firearm license in the State of California. The Department of Justice is led by the California Attorney General, who is the state’s top lawyer. In addition to firearm permitting, the DOJ oversees the prosecution and prevention of crime, preserving the state’s natural resources, enforcing civil rights and assisting the victims of crime, including identity theft. The California DOJ employs more than 4,500 lawyers, investigators, sworn peace officers, and other employees.

Can a Government Organization Be Liable for an Accidental Data Breach?

The California DOJ gun permit breach is unique in two regards. First, it is relatively unusual for a data breach to be the result of a government agency leaking sensitive information about citizens. And second, based on the available information, the breach does not appear to have been the result of third-party criminal activity.

However, while the California Department of Justice breach is somewhat unusual, it doesn’t change the fact that the DOJ may be liable if it can be shown that it was negligent in maintaining the safety and security of permit holders’ and applicants’ information.

In the context of a data breach lawsuit, the question is always whether the company that was responsible for maintaining the leaked information was negligent. Negligence can take many forms. For example, often, companies who experience a cyberattack may be negligent for failing to update their data security systems or take known risks into account. However, exposing personal information to the public could also be considered negligent. Of course, at this point, it is too early to tell whether the California DOJ was negligent and if the organization bears responsibility for the breach. However, data breach lawyers are looking into the incident to determine if the affected parties have a remedy against the California DOJ.

Those who believe they were affected by the California DOJ gun permit breach should reach out to a data breach lawyer for immediate assistance.

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.