California "accidentally" leaks personal info of gun permit holders

AP Photo/Charlie Riedel

If you live in California and want to legally own a firearm, you already know how difficult the process to acquire a permit and complete your registration is. And that’s by design, of course. You have to provide the state will all sorts of personal information beyond just your name and address. The state collects your date of birth, your race, and pretty much everything else you can think of. But at least when you get to the end of that road you have the ability to defend yourself, right?

Well, you might have a more urgent need for self-defense in the near future. This year, the state took all of that information and loaded it into an online “dashboard,” with parts of the data (supposedly) being made available to the public. Unfortunately, when it went live on Monday of this week, there was a large, friendly button on the page that allowed users to download the information for local storage. But instead of the barebone basics, the database downloaded everything. Names, addresses, contact information… the whole ball of wax. And plenty of people apparently took advantage of that treasure trove before the capability was erased the following day. (The Reload)

California gun owners have been put at risk by the Attorney General’s office after a new dashboard leaked their personal information.

The California Department of Justice’s 2022 Firearms Dashboard Portal went live on Monday with publicly-accessible files that include identifying information for those who have concealed carry permits. The leaked information includes the person’s full name, race, home address, date of birth, and date their permit was issued. The data also shows the type of permit issued, indicating if the permit holder is a member of law enforcement or a judge.

The Reload reviewed a copy of the Lost Angeles County database and found 244 judge permits listed in the database. The files included the home addresses, full names, and dates of birth for all of them. The same was true for seven custodial officers, 63 people with a place of employment permit, and 420 reserve officers.

As noted in the linked report, there were records of almost 3,000 permit holders just in Los Angeles County alone. The places of employment were listed for those who had requested a permit so they could carry a firearm at work. And if you are a law enforcement officer or a judge, that information was included as well. The personal information for 244 judges was included.

Let’s stop for a moment and consider all of the recent threats against judges that are currently taking place. This would allow anyone to create and distribute a handy map for activists to locate the homes of those judges and show up to do who knows what. Of course, one of the saving graces in all of this is that if you’re planning to go harass a judge, you might not want to pick one that you know in advance is armed.

Such a database would be useful for all sorts of criminals. If you can conclusively identify when someone on the list is out of town for a while, that person would likely make a prime target for a robbery because guns – particularly handguns – sell very well on the black market.

So it’s no exaggeration to say that this situation is quite bad. But how did it happen? If you’re tasked with creating such a set of databases and a “dashboard” to put them online, you would obviously have been told which portions of the data could be made public and which couldn’t be. How bad at your job would you have to be to just slap a button on the page that would let anyone download the entire trove? And for that matter, why were any data fields containing information that was not allowed to be made public included in the database to begin with? Shouldn’t that have been kept separate in a secure database only available to law enforcement?

This all seems like a bit too much to write off as a simple programming error. And now the data is out in the wild being shared by an unknown number of people. If any of the people on the list suddenly becomes the victim of a “spontaneous” attack by people protesting gun rights or other subjects of recent court decisions, the people responsible for launching this dashboard should be brought in for questioning and held accountable. The California Rifle & Pistol Association is already looking into potential litigation over this, so we’ll monitor the situation and see how that turns out.