IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Lawsuit Filed Over Massive California DOJ Data Leak

A lawsuit has been filed against California Attorney General Rob Bonta as a result of the June exposure of a trove of personal data housed in the Department of Justice’s Firearms Dashboard Portal.

DOJ Firearms Dashboard Portal.JPG
This message appears to anyone accessing the California Department of Justice Firearms Dashboard Portal following a June 27 exposure of personal data.
Image courtesy of the California Department of Justice (screenshot)
(TNS) — An Upland attorney is suing California Attorney General Rob Bonta after a leak exposed the contents of a state database of concealed weapon permit holders’ personal data.

“We have four females. They’re all solid human beings. Older. Every one of the females that we represent obtained their (carrying a concealed weapon permit) because they’re upstanding citizens, they’re good mothers, they’re concerned for the safety for their families,” attorney Brian Hannemann said Monday, July 18. “They’re not ‘let’s go shoot automatic weapons on weekends.’ They’re regular people who want to protect their families. They’re ordinary soccer moms.”

On June 27, California’s new 2022 Firearms Dashboard Portal went online. The dashboard was only supposed to provide specific public information, including a decade’s worth of gun sales records, gun violence restraining orders, CCW permits, firearms safety certificates, assault weapons and a roster of certified handguns. The goal, according to Bonta’s office, was to provide actual hard numbers for a debate often lacking them.

But the personal data of at least 242,727 people who applied for a permit between 2011 and 2021, including at least 140 current or former judges, was made available. The information was taken down in less than 24 hours, according to Bonta’s office. News of the data breach first came to light June 28, when the Fresno County Sheriff’s Office announced they had been told of the leak by California Department of Justice.

“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” Bonta said in a statement released by his department. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary. The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”

The leak occurred four days after the U.S. Supreme Court called New York’s restrictions on CCW permits to be unconstitutional, a decision expected to potentially increase the number of concealed weapons in California, which had a similarly restrictive law.

In his lawsuit, Hannemann says Bonta violated his clients’ Second Amendment rights to keep and bear arms, including through the chilling effect that applying for a CCW permit in the future may lead to their personal data being revealed to criminals and the public; their Fourth Amendment rights to privacy; California’s constitutional rights to privacy; and California’s Information Practices Act of 1977, which limits government use of personal data.

He’s seeking compensatory damages and a declaration that the state collecting this information violates both federal and state law.

The California Department of Justice did not immediately respond Monday afternoon to a request for comment on the lawsuit.

A class-action lawsuit by the National Association for Gun Rights was filed against Bonta on July 1, but Hannemann said that suit isn’t attempting to get discovery about how the leak happened, which his suit is doing.

News of the dashboard data leak has been jarring to permit holders and applicants, including Hannemann’s clients.

“None of them would have gotten CCWs if they had known this was going to happen,” he said.

Among the information posted were the full name, date of birth, address, gender, race and CCW license number. In some cases, a driver’s license number was also available.

The state dashboard was taken offline June 28 and remains offline as of July 18.

Critics blasted the California Department of Justice over the leak:

“The Riverside County Sheriff’s Department is demanding a detailed and thorough investigation of the DOJ to determine the cause and reason this information was publicly released,” a sheriff’s department news release reads in part. “The safety and security of our community members is our highest priority and we are committed to holding DOJ accountable by demanding reassurance and a prevention plan that our citizens will not be endangered by future criminal or negligent data leaks.”

In a tweet, Assembly Republican leader James Gallagher, R- Chico, called the leak “another example of how inept our state government is.”

Nathan Hochman, who is facing Bonta in the Nov. 8 election for attorney general, tweeted that the “improper and egregious leak of Concealed Carry Weapons permit data has endangered firearm permit holders statewide, such as judges, reserve officers and domestic violence victims.”



Hannemann, a CCW permit-holder himself, says the leak shows that having a single master database of this information — rather than having it be at the county level, as sheriff’s departments are the agencies that issue the permits in the state — is an inherently bad idea. (Hannemann, and San Diego attorney Marc Mabile, are also plaintiffs in the lawsuit.)

He wants the state to allow permit-applicants to list a P.O. Box for their address.

“Now, if the information somehow leaks, criminals will know where we live,” he said. “We want all CCW holders to be treated like police officers, so their data will be private.”

According to California State Sheriff’s Association, the leaked information has been copied and at least some of it was posted online before the data breach was detected. As of July 18, there has been no official confirmation that the data was downloaded or that any private list of CCW permit holders and applicants exists.

Hannemann believes the worst, however.

“Bonta does not admit whether or not he has proof that the data was accessed by someone on the web,” he said. “When someone doesn’t deny it, that means the opposite is true.”

©2022 MediaNews Group, Inc, Distributed by Tribune Content Agency, LLC.