SACRAMENTO, Calif. (AP) — Cybersecurity experts say the California Department of Justice apparently failed to follow basic security procedures on its website, exposing the personal information of potentially hundreds of thousands of gun owners.
The website was designed to only show general data about the number and location of concealed carry gun permits, broken down by year and county. But for about 24 hours starting Monday a spreadsheet with names and personal information was , ready for review or downloading.
Katie Moussouris, founder and CEO of Luta Security, said there should have been access controls to make sure the information stayed out of the reach of unwanted parties, and the sensitive data should have been encrypted so it would have been unusable.
The damage done depends on who accessed the data, she said. Criminals could sell or use the , or use permit-seekers’ criminal histories “for blackmail and leverage,” she said.
Already some are attempting to use the information to criticize gun control advocates who they say were revealed as having concealed carry permits. An online site called The Gun Feed included a post calling out a top lawyer for the Giffords Law Center to Prevent Gun Violence. But the center said the site had the wrong person — someone with the same name as its lawyer.