1. Forum
  2. Usenet
  3. COMP.OS.LINUX.ADVOCACY

  • Report: Rob Bonta California gun data breach was "unintentional"

    From useapen@21:1/5 to All on Wed Jan 29 08:04:36 2025
    XPost: alt.california, alt.fan.rush-limbaugh, sac.politics
    XPost: talk.politics.guns, alt.society.liberalism

    California's Department of Justice mistakenly posted the names, addresses
    and birthdays of nearly 200,000 gun owners on the internet because
    officials didn't follow policies or understand how to operate their
    website, according to an investigation released Wednesday.

    The investigation, conducted by an outside law firm hired by the
    California Department of Justice, found that personal information for
    192,000 people was downloaded 2,734 times by 507 unique IP addresses
    during a roughly 12-hour period in late June. All of those people had
    applied for a permit to carry a concealed gun.

    “The improper exposure of confidential personal data by DOJ, while unacceptable, was unintentional and not connected to any nefarious
    purpose,” investigators wrote in their report.

    An intentional breach of personal information carries more stiff fines and penalties under California law, according to Chuck Michel, an attorney and president of the California Rifle & Pistol Association. Michel said his
    group is preparing a class action lawsuit against the state.

    “There is a lot of gaps and unanswered questions, perhaps deliberately so,
    and some spin on this whole notion of whether this was an intentional
    release or not," he said. “This is not the end of the inquiry.”

    The release of the data over the summer came shortly after the U.S.
    Supreme Court ruled against a New York requirement that people must
    provide a reason to carry a concealed gun. California has a similar requirement, and efforts to change it following the court's ruling failed earlier this year.

    Michel said the leaked data had information about judges, law enforcement personnel and domestic violence victims who had sought gun permits.

    Officials at the California Department of Justice did not know about the
    breach until someone sent Attorney General Rob Bonta a private message on Twitter that included screenshots of the personal information that was available to download from the state's website, the investigation said.

    State officials at first thought the report was a hoax. Two unnamed
    employees — identified only as “Data Analyst 1" and “Research Center
    Director" — investigated and mistakenly assured everyone that no personal information was publicly available.

    Meanwhile, the website crashed because so many people were trying to
    download the data. Another group of state officials worked to bring the
    website back online, unaware of the data breach. They got the website
    working again at about 9:30 p.m., which included the personal information
    ready for download.

    State officials would not disable the website until about noon the next
    day. By then, the information had already been downloaded thousands of
    times.

    State officials thought they were providing anonymous information in the aggregate for research and media requests about the use of guns in
    California. But the employee who created the website included several
    datasets that contained personal information.

    Investigators found that no one — not the employee who compiled the data
    or the officials that supervised the employee — knew the proper security settings to prevent the data from being made available for download by the public.

    “This was more than an exposure of data, it was a breach of trust that
    falls far short of my expectations and the expectations Californians have
    of our department,” Bonta, the attorney general, said in a news release.
    “I remain deeply angered that this incident occurred and extend my deepest apologies on behalf of the Department of Justice to those who were
    affected.”

    Other information was also mistakenly released, including data from
    firearms safety certificates, dealer record of sale and the state's
    assault weapons registry. That data included dates of birth, gender and driver's license numbers for more than 2 million people and 8.7 million
    gun transactions. But investigators said there wasn't enough information
    in those datasets to identify anyone.

    Investigators recommended more training and planning for state officials, including a review and update of policies and procedures.

    "This failure requires immediate correction, which is why we are
    implementing all of the recommendations from this independent report,"
    Bonta said.

    https://www.ksby.com/news/california-news/report-california-gun-data- breach-was-unintentional

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)