Printer-friendly versionPrinter-friendly version Share this

By Miriam Raftery

June 29, 2022 (Sacramento) – The California Department of Justice today revealed that a data breach of concealed carry applicants is far wider than originally reported.

According to the DOJ’s press release today,  “Based on the Department’s current investigation, the incident exposed the personal information of individuals who were granted or denied a concealed and carry weapons (CCW) permit between 2011-2021. Information exposed included names, date of birth, gender, race, driver’s license number, addresses, and criminal history. Social Security numbers or any financial information were not disclosed.”

Such disclosure puts gun owners or applicants at risk of identity theft and potential harm. The list includes judges, prosecutors, law enforcement officers and individuals, presumably including victims of domestic violence or stalking who may have sought to carry a gun for personal protection and now have their home addresses revealed. Disclosure of criminal records could potentially also have negative impacts for some permit applicants.

According to the Department of Justice, the data was briefly downloadable online when the agency updated its Firearms Dashboard portal on Monday, and the information has since been removed. However, the agency now discloses, data from the following dashboards were also impacted: Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate, and Gun Violence Restraining Order dashboards. DOJ is investigating the extent to which any personally identifiable information could have been exposed from those dashboards.

“This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” said Attorney General Rob Bonta. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary. The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”

It is unclear whether the leak of private information on the DOJ website resulted from an intentional leak by a a DOJ employee or other insider, an accidental action, or a malicious hack.

The department has pledged to notify everyone whose data was exposed and provide additional resources, including how to sign up for free credit monitoring services.

The breach occurred following enactment of Assembly Bill 173, passed last September, which allows disclosure of certain information on gun owners to universities and other research institutions; the NRA has filed suit in an effort to stop this disclosure of sensitive information. The DOJ, during an April 5 hearing in the Doe v. Bonta case, acknowledged that disclosure of such information would have civil remedies even if the information was negligently disclosed, as well as possibly criminal implications.

The California Rifle and Pistol Association has called for an independent investigation and indicated it may file suit over the breach. “CRPA and our attorneys are exploring all options, up to and including litigation,” the association stated, the Los Angeles Times reports.

The Department of Justice asks that anyone who accessed the info while it was briefly online to “respect the privacy of the individuals involved and not share or disseminate any of the personal information,” adding that anyone who possesses or uses personal identifying information for an unlawful purpose may be guilty of a crime under the state penal code.

But the National Rifle Association’s Institute for Legislative Action states on its website that social media users who first reported the leak have indicated that “individuals were able to download all of the leaked personal information from the DOJ website—meaning this information is likely now in the public in perpetuity.”

The firearms news outlet Reload reported yesterday that it reviewed a video showing the database was briefly available for download via a button on the website’s mapping feature.

Besides registering for free credit monitor, the Department of Justice published this list of steps that should be taken immediately to protect your information related to credit, if your data was breached:

  • Monitor your credit.  One of the best ways to protect yourself from identity theft is to monitor your credit history.  To obtain free copies of your credit reports from the three major credit bureaus go to
  • Place a fraud alert on your credit report. A fraud alert helps protect you against the possibility of someone opening new credit accounts in your name. A fraud alert lasts 90 days and can be renewed. To post a fraud alert on your credit file, you must contact one of the three major credit reporting agencies listed above. Keep in mind that if place a fraud alert with any one of the three major credit reporting agencies, the alert will be automatically added by the other two agencies as well.
  • Additional Resources. If you are a victim of identity theft, contact your local police department or sheriff’s office right away. You may also report identity theft and generate a recovery plan using the Federal Trade Commission’s website at For more information and resources visit the Attorney General’s website at


Error message

Support community news in the public interest! As nonprofit news, we rely on donations from the public to fund our reporting -- not special interests. Please donate to sustain East County Magazine's local reporting and/or wildfire alerts at to help us keep people safe and informed across our region.


Correction by author of this article requested

Why are you using the word BREACH? You know this is incorrect. The was NO breach here. No Hack. No theft of data. The Calif.DOJ 2022 Firearms Dash Board Portal went live Monday giving TOTAL public access of all CCW permit holders on file from 2011-2022. This WAS INTENTIONAL. THIS action came directly from the offices of Attorney General Rob Bonta. HE is totally responsible here. This incompetent political hack should be immediately removed from office and hopefully held civilly if not criminally liable for the thousands of people this fool has now put a risk. This was not a mistake . Just, OH SO TIMELY . Our slime ball Governor and the house plant in the White House BOTH condemned the Supreme Court decision involving CCW's permits promising to do what ever they could do to fight the SC ruling. They are off to a good start. This party is SO corrupt.

No correction needed. The definition of security breach includes

both intentional and unintentional disclosure of personal data, whether by an insider or a hacker.  Here's one of many sources: 

The data was made public on the DOJ's website as we accurately reported.  As of when this was published, the DOJ was still investigating how this occurred.

I do agree that the agency should be held accountable, regardless of how or why the data was disclosed. If intentional, the individual responsible should also be held accountable.  



hey charlesbarranco

are you another retrumplican that does not believe in majority rule? the "Our slime ball Governor" as you call him was ELECTED by the majority!!! don't like it go somewhere where there is NO elections!

I have a weapon

but I am glad this happened! the right to have arms does not mean you get to do as you please. claiming everything is protected by the second amendment is a cop out. we already have a military.