Over the last couple of days, the state AG made a database that was supposed to be only open to researchers, instead was made open to the public online.

This database contained the personally-identifying information in it for EVERY concealed carry permit-holder in the state. All of it. Names, addresses, birthdates. In addition to concealed carry permit holders’ information being released, the data were cross-referenceable with purchase data including make/model/date of purchase, and for EVERY gun owner in the state, with access to a drivers license number, the same purchase info (but not name/address) was made available.

These data were apparently intentionally released to allow people to assess the dangers of guns in their community. It is unclear why the PII was not redacted.

As of this morning (6/29/2022), the data are no longer available on the official websites, but the horse is out of the barn, as screenshots of the database are circulating online.

The California Constitution specifically addresses a right to privacy, and this massive failure on the part of the California AG and DOJ is appalling and puts all of us at risk.

California has some of the toughest privacy laws in the United States, the California Consumer Protection Act of 2018 establishes some pretty draconian penalties for corporations who mishandle the PII of California residents. The CA DOJ is exempt from those rules. Specifically, they are the agency charged with enforcing them. The irony of that should not be lost.

When we have more details on actions that can be taken by folks who have been impacted coming soon. This is an enormous breach of trust by the DOJ.

In the interim, if you live in California and own a firearm, you probably want to take some steps to protect yourself from Identity Theft. Freezing your credit, make sure you have multi-factor authentication on for important accounts like banking and the like. Your PII is out there in the wild, and it’s enough to potentially steal your identity. This interview with the EFF from Wired has some suggestions as well.

Lastly, if you are a California resident and have active restraining orders against people who wish you harm, you may want to take additional physical security steps.

edited to add the online privacy and physical security suggestions