California DOJ exposes personal information of concealed carry permit holders

Attorney General Rob Bonta


The California Department of Justice has inadvertently made public the personal information of many concealed carry permit holders, as well as individuals who were denied citizen concealed weapon (CCW) permits.

On Monday, the DOJ updated its Firearms Dashboard Portal. Amid the update, the DOJ exposed the personal information of individuals who were granted or denied a concealed carry permit between 2011 and 2021.

The information exposed in the data breach included individuals’ names, birthdates, genders, races and criminal history. The breach did not expose social security numbers or any financial information, according to the DOJ. 

Data and personal information were accessible to the public in a spreadsheet on the Firearms Dashboard Portal. The personal information remained publicly accessible for less than 24 hours, the DOJ says. 

After learning of the data exposure, the DOJ took steps to remove the information from public view and shut down the Firearms Dashboard. The DOJ shut down the dashboard Tuesday morning. 

“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” Attorney General Rob Bonta said in a statement. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary. The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”

In accordance with state law, the DOJ will notify individuals whose data was exposed and will provide additional information and resources. 

The DOJ asks that anyone who accessed the personal information that was exposed to respect the privacy of affected individuals and not share or disseminate any of it. Possession or use of personal identifying information for an unlawful purpose may constitute a crime, the DOJ says.

Following the data breach, the California State Sheriffs’ Association (CSSA) issued a public alert, stating it is alarmed by what transpired. It appears that, prior to the breach being detected by the DOJ, the personal information had been copied, and at least some of it was posted online, according to the CSSA.

“It is infuriating that people who have been complying with the law have been put at risk by this breach,” CSSA President and Butte County Sheriff Kory Honea said. “California’s sheriffs are very concerned about this data breach and the risk it poses to California’s CCW permit holders.”