The letters have started to arrive.
The letters where Attorney General Rob Bonta informs gun owners throughout the state that a “security incident” had recently occurred whereby the Department of Justice had publicly released a boatload of personal data. “Security incident” indeed.
Let’s be real: it was a horrendous leak that could have grave consequences.
The letter reiterates what happened and what they are doing about it. Below you will find their explanations, followed by GOC’s commentary:
DOJ: WHAT HAPPENED
Dated July 8, 2022, the letter states: On June 27, 2022, “personal information was disclosed in connection with the update of the DOJ’s Firearms Dashboard Portal.”
GOC: WHAT DIDN’T HAPPEN
They didn’t protect us. There have been numerous bills presented before the Legislature in recent years which pertain to the collection of gun owners’ private information. GOC has consistently opposed such measures, citing security concerns regarding the transference of data and who has access to what. Repeatedly, the Department has stressed their use of multiple step protocols to data safety, and that there is no danger of private information coming in to the hands of unauthorized individuals.
We simply cannot believe them.
DOJ: WHAT INFORMATION WAS INVOLVED
For those who were granted or denied a concealed carry license permit between 2011-2021, “the name, date of birth, gender, race, CCW license number, California Information Index number and other government issued identifiers such as driver’s license number” were released.
GOC: WHAT OTHER INFORMATION WAS RELEASED
Although CCW applicants were notified about the release of their data, the Department failed to mention to individuals receiving the CCW letter that confidential information was also leaked from the entire Dealer Record of Sale list, the Assault Weapons Registry as well as individuals on reports for Gun Violence Restraining Orders. In all, these lists total hundreds of thousands of people.
DOJ:WHAT WE ARE DOING
We are working to “improve security” and are “offering complimentary access to credit monitoring services through IDX…”
GOC: WHAT THEY SHOULD BE DOING:
With the leak of such private information, the Department of Justice has quite literally provided a road map to the homes of people who own guns – and those who don’t. They have kicked the door wide open to theft and violence.
They should be offering every single individual who had their data compromised hard resources to protect their homes and families. Alarm systems. Security services. Something more than a phone number to a credit bureau monitoring system.
DOJ: WHAT YOU CAN DO
“Remain vigilant against incidents of identity theft and fraud…”.
GOC: WHAT YOU CAN DO – REALISTICALLY SPEAKING
Unfortunately, the damage as been done; there is nothing anyone one can do retrospectively to protect their private details. And yes – the Department has recommended that we “remain vigilant against incidents of identity theft and fraud…” and they have extended what we think is a cotton candy type olive branch to make us compromised individuals feel better about their “leak.”
DOJ has contracted with IDX to provide credit and CyberScan dark web monitoring; the names of those affected have already been provided to IDX. To begin the process, one must first provide an “enrollment code” listed on the notification letter and then an email will be sent to confirm information. At this juncture, however, who wants to provide any information to anyone associated with the DOJ?
Regardless of our justified skepticism, GOC is recommending every single individual who had their private information released on the internet to sign up with IDX. Remember – the Department is on the hook to pay for all of this and pay they should. But we mustn’t forget this key fact: financial safety is one thing – but the DOJ is completely ignoring the physical harm that could come to those whose confidential information was released to the entire world. What is their plan to address this?
GOC: IN THE MEANTIME…
We are taking steps to make certain the Department of Justice understands – in no uncertain terms – the gravity of this situation. Thus, for those who are interested participating in a potential class action “It’s a leak – not a breach” lawsuit, email ** email@example.com **. GOC is partnering with CRPA in the collection of data, so please forward your name, county of residence and email address, and as things progress, you may be contacted to provide additional information regarding your specific circumstance.
As we have said, this is a reckoning. It’s time to fight back and hit them where it hurts. Stay tuned!