Connect with us

Hi, what are you looking for?

Tech & Science

California DOJ data breach exposes vast amounts of personal information

The leak exposed names, addresses and license types of all concealed carry permit holders in California.

A man uses a laptop at a coffee shop in downtown Hanoi. - AFP
A man uses a laptop at a coffee shop in downtown Hanoi. - AFP

The names addresses and license types of all concealed carry permit holders in California were exposed after the state Department of Justice suffered a data breach. The Fresno County Sheriff’s Office on Tuesday learned of the breach from the California State Sherriff’s Association, according to a statement. The breach occurred as part of the state DOJ’s launch of its “2022 Firearms Dashboard Portal,” the sheriff’s office said.

To explore the ramifications, Digital Journal caught up with Nick Tausek, Security Automation Architect at Swimlane.

Tausek sees the significance of an institution like the Department of Justice being targeted, providing a sign that cyber-criminals will reach out and strike anywhere.

Here Tausek  notes: “Given that this breach involving the Department of Justice was the result of a data exposure on their recently launched site, and the breach informant was the California State Sheriff’s Association rather that a security researcher or a security operation center, it appears that this incident was the result of negligence, rather than an attack.”

Given the potential for human error shows systemic weaknesses in this and other state organisations.

In terms of the significance of the incidence, Tausek finds: “Although details are still sparse, it seems likely that this leak that exposed names, addresses and license types of all concealed carry permit holders in California may have been a result of improper authentication controls around accessing dashboards that house and permit access to this type of information.”

There are lessons that other organisations can draw from the incidence. As Tausek observes: “To lessen the chances of situations like this repeating themselves in the future, organizations– especially those as impactful as the Department of Justice– must prioritize the implementation of proper security controls.”

In terms of concrete examples, Tausek  recommends: “Robust password protection, multifactor authentication and regularly changing passwords can help organizations mitigate the risk of data leaks.”

With other measures to consider, the expert adds: “Leveraging low-code security automation allows companies to take a step further in their cybersecurity best practices by centralizing detection, investigation and response capabilities. With all-encompassing security platforms that automate tedious routines, the chance of human error is brought down to a minimum and device integrity remains at its maximum.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Nicole Janssen knows a thing or two about navigating fear of artificial intelligence

Life

Trump, who began his second term last month, has launched a crusade led by his top donor and world's richest man Elon Musk.

Tech & Science

How to detect an AI impersonation scam, and how to stay safe.

World

The word “incompetence” can do only so much.