Posted On July 6, 2022 Consumer Privacy & Data Breaches
July 6, 2022 – Recently, the California Department of Justice (“DOJ”) announced a data breach that leaked the personal information of Concealed Carry Weapon (CCW) permit holders across the state. Evidently, the leak resulted in the following information being exposed: names, ages, addresses, Criminal Identification Index (CII) numbers and license types (Standard, Judicial, Reserve and Custodial). The Fresno County Sheriff’s Office was the first organization to report the breach on June 28, 2022, after it received word of the incident from the California Department of Justice. Subsequently, the California DOJ posted notice of the breach on its website. Current estimates place the number of affected parties around 200,000.
If you receive a data breach notification in the coming weeks, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the California DOJ data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation as a result of the incident.
According to a notice posted on the California DOJ website, on June 27, 2022, the California DOJ learned that personal information was disclosed in connection with the release of the DOJ’s Firearms Dashboard Portal that same day. In response, the DOJ promptly removed the visible data and shut down the Firearms Dashboard.
The DOJ then began looking into the cause of the breach and what, if any, sensitive information was involved. After reviewing the data, the California DOJ determined that the incident exposed the personal information of those who applied for concealed and carry weapons (CCW) permits between 2011-2021. The breach involved the information of those who were both approved and denied a permit.
While the breached information varies depending on the individual, it may include your full name, date of birth, address, gender, race, CCW license number, California Information Index number, and other government-issued identifiers. The California DOJ also reports that, in some cases, driver’s license numbers and internal codes corresponding to the statutory reason that a person is prohibited from possessing a firearm were made publicly available.
On around June 28, 2022, the California Department of Justice informed other government entities of the breach, including the Fresno County Sheriff’s Office, which posted a public Facebook post explaining the incident. The California DOJ indicated that it will be sending data breach notifications to affected parties in the coming weeks. It is estimated that more than 200,000 people were affected by the California Department of Justice Breach.
The California Department of Justice is the government agency responsible for overseeing the application process for firearm licensure in the State of California. The Department of Justice is led by the California Attorney General, who is the state’s top lawyer. In addition to firearm permitting, the DOJ oversees the prosecution and prevention of crime, preserving the state’s natural resources, enforcing civil rights and assisting the victims of crime, including identity theft. The California DOJ employs more than 4,500 lawyers, investigators, sworn peace officers, and other employees.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the California DOJ data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by the California Department of Justice (the actual notice sent to consumers can be found here):
On June 27, 2022, the California Department of Justice learned that personal information was disclosed in connection with the June 27th release of the DOJ’s Firearms Dashboard Portal. After the DOJ learned of the data exposure, the Department took steps to remove the information from public view and shut down the Firearms Dashboard. The dashboard and data were available for less than 24 hours. The DOJ has launched an investigation to determine how this occurred and will take strong corrective measures where necessary.
WHO IS IMPACTED
Based on the DOJ’s current investigation, the incident exposed the personal information of individuals who were granted or denied a concealed and carry weapons (CCW) permit between 2011-2021. As of now, we know that the exposed data included: full name, date of birth, address, gender, race, CCW license number, California Information Index number (which is automatically generated during a fingerprint check for a CCW or for another purpose), and other government-issued identifiers. In some cases, exposed information may also include driver’s license number, and internal codes corresponding to the statutory reason that a person is prohibited from possessing a firearm. Social Security numbers and financial information were not at risk as a result of this event.
Additionally, the DOJ is investigating the extent to which any personally identifiable information could have been exposed from the following dashboards: Assault Weapon Registry, Dealer Record of Sale, Firearm Certification System, and Gun Violence Restraining Order dashboards. We will post an update here as soon as additional information is confirmed.
WHAT TO DO
DOJ will directly contact individuals impacted by the CCW data exposure via U.S. mail in the coming days. Additionally, you can contact our call center to determine if you were impacted. If so, the DOJ is providing complementary resources, discussed in more detail in FAQ below, to help protect your identity, should you feel it is appropriate to do so.
Call center: 1-833-909-4419 (Monday-Friday, 6 a.m. – 6 p.m. PT)
The DOJ asks that anyone who accessed the exposed data respect the privacy of the individuals involved and not share or disseminate any of the personal information. In addition, possession of or use of personal identifying information for an unlawful purpose may be a crime. (See Cal Penal Code Sec. 530.5.)
WHAT WE ARE DOING MOVING FORWARD
The unauthorized release of personal information is unacceptable. We removed the information from public view, shut down the Firearms Dashboard, and are contacting individuals directly who have been impacted by the breach to provide additional information and resources for them.
The DOJ has launched an investigation to determine how this occurred and will take strong corrective measures where necessary. We are conducting a review of our policies and procedures and working to implement additional security measures to protect the security of information in our possession. Additionally, we are communicating with law enforcement partners throughout the state. In collaboration, we will provide support to those whose information has been exposed.