DOJ breach puts CCW permit holders information at risk

A data breach by The Department of Justice exposes personal information about individuals who obtained or applied for a concealed and carry weapons permit

TULARE COUNTY – Several individuals who have applied for a concealed and carry weapons permit in the last decade, may be at risk of identity theft after a recent data breach.

After the recent unauthorized release of personal information from the California Department of Justice (DOJ) Sheriff Mike Boudreaux does not think there is a concern for concealed weapon holders in the county, but they should be cautious. 

“I really don’t feel that there is a concern to the safety of the concealed weapon holder,” Boudreaux said. “With all that information out there, my biggest concern is identity theft, not the safety of the person carrying a concealed weapon.”

On June 27, the DOJ announced that personal information of individuals who had applied for a concealed and carry weapons (CCW) permit from 2011-2021 was disclosed in connection with an update of its firearms dashboard portal. Information of both those who were granted and denied a permit was exposed.

Boudreaux said there is a several step process before someone can receive their permit. The process is in place to keep everyone safe, and when a law-abiding citizen has done everything correctly to receive their permit, a breach such as this one is unacceptable.

“I’m a huge supporter of our Second Amendment anyway, and you know, it does say that your right to bear arms will not be infringed upon,”  Boudreaux said.

In order for an individual to have a CCW permit, they must first apply at the sheriff’s office and pay a fee, some of which goes to the DOJ. The application process starts at the sheriff’s department where they will run the individual’s fingerprints and send them to the DOJ to check for a history. They are looking for a criminal record or any record of mental health issues in or out of state. The applicant will then need to submit three references and take an eight hour gun safety course and spend time on the shooting range. 

If all the information shows the applicant to be a responsible adult, the application will move forward for approval. This permit only allows for the individual to carry the gun they have registered with, not any weapon. According to Teresa Douglass with the Sheriff’s office, a little over 16,000 concealed carry permits have been issued in Tulare County.

Because the information breach was at the level of the DOJ, Bourdeaux does not see it having an effect on individuals around the area. He is more concerned that individuals will be victim to identity theft than any danger to the permit holders themselves. The Sheriff’s Department put out a statement warning permit holders to be aware of any information that could have been compromised.

The DOJ also sent out a notice warning individuals that the information that could have been exposed includes names, date of birth, gender, race, driver’s license number, addresses and criminal history. Fortunately the DOJ’s statement notes social security numbers and financial information were not disclosed as a result of the event.

Data from dashboards including the assault weapon registry, handguns certified for sale, dealer record sale, firearm safety certificate and gun violence restraining order dashboards were also impacted. This event occurred on the afternoon of June 27, after the DOJ had posted updates to the firearms dashboard portal. The disclosure of information was accessible through a spreadsheet on the portal and was up for less than 24 hours. 

“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” said California Attorney General Rob Bonta. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary. The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”

In an abundance of caution, the Department of Justice will provide credit monitoring services for individuals whose data was exposed as a result of this incident. DOJ will directly contact individuals who have been impacted by this incident and will provide instructions to sign up for this service.

Start typing and press Enter to search