SACRAMENTO, CA -(Ammoland.com)- Gun owners have long worried that firearms licensing schemes put their information at risk. On Monday, their fears came to fruition.
Earlier in the week, the California Department of Justice released the 2022 Firearms Dashboard Portal. According to California AG Rob Bonta, the dashboard would:
“[i]mprove transparency and information sharing for firearms-related data and includes broad enhancements to the platform to help the public access data on firearms in California, including information about the issuance of Concealed Carry Weapons (CCW) permits and Gun Violence Restraining Orders (GVROs).”
When gun owners examined the site, they found that a web user could download all personal information about California gun owners with a click of a button. This information included the gun owners’ names, addresses, and even birth dates.
Even more shocking was that the database tagged law enforcement members and judges.
Over the past year, law enforcement has been targeted by radical left-wing hate mobs fueled by the rhetoric of left-wing politicians looking to score points with their base. The database that was downloaded listed the law enforcement officers’ home addresses. With political violence on the rise, the database put the officers’ lives at risk and the lives of their family members as well.
The database can also aid criminals in knowing who to target for robbery. One of the databases leaked was the California Assault Weapon Registry. Now the owners of these firearms are a bigger target for criminals who will wait until the homeowners leave to break in and steal their guns.
California Attorney General Rob Bonta’s office claims that the data was an unfortunate mistake, leading to more questions.
The biggest question is why a database of personally identifiable information (PII) was stored on an Internet-facing data share.
It is best practice not to keep this information on a share where it could be accessed via the Internet without first authenticating.
Before getting into journalism, this writer spent over 20 years working in the information technology world for the federal government and private companies. I have worked to mitigate breaches throughout most of my former career. Most data breaches result from misconfigured servers or network devices, which allow a hacker to use that misconfiguration to gain unauthorized access. Another common tactic used by hackers is what is known as social engineering. This method can include phishing emails or impersonating an employee to gain access to a computer system. Neither of these methods caused this data breach.
If the California AG is to be believed, then the system architects are grossly incompetent or massively unqualified to design the system. The issue should have been caught before the site went live, leading some to believe the leak was intentional. In contrast, others do not attribute to malice what can be attributed to gross incompetence.
The system should have been set up to require the user to authenticate with two-factor authentication to access the system. Once logged in, only then would the user be able to navigate to the share through an encrypted session. That would stop most data breaches.
The AG’s office is investigating the leak and stated that they take all data leaks seriously. As of this writing, the site is offline with no timeline for it to return.
AmmoLand News tried contacting AG Bonta via cell phone for comment, but our calls were not returned.
Update: Below is a press release from California AG Rob Bonta
About John Crump
John is an NRA instructor and a constitutional activist. John has written about firearms and the Constitution and has interviewed people from all walks of life. John lives in Northern Virginia with his wife and sons and can be followed on Twitter at @crumpyss, or at www.crumpy.com.