Connect with us

Hi, what are you looking for?

Tech & Science

California DOJ data breach exposes vast amounts of personal information

The leak exposed names, addresses and license types of all concealed carry permit holders in California.

A man uses a laptop at a coffee shop in downtown Hanoi. - AFP
A man uses a laptop at a coffee shop in downtown Hanoi. - AFP

The names addresses and license types of all concealed carry permit holders in California were exposed after the state Department of Justice suffered a data breach. The Fresno County Sheriff’s Office on Tuesday learned of the breach from the California State Sherriff’s Association, according to a statement. The breach occurred as part of the state DOJ’s launch of its “2022 Firearms Dashboard Portal,” the sheriff’s office said.

To explore the ramifications, Digital Journal caught up with Nick Tausek, Security Automation Architect at Swimlane.

Tausek sees the significance of an institution like the Department of Justice being targeted, providing a sign that cyber-criminals will reach out and strike anywhere.

Here Tausek  notes: “Given that this breach involving the Department of Justice was the result of a data exposure on their recently launched site, and the breach informant was the California State Sheriff’s Association rather that a security researcher or a security operation center, it appears that this incident was the result of negligence, rather than an attack.”

Given the potential for human error shows systemic weaknesses in this and other state organisations.

In terms of the significance of the incidence, Tausek finds: “Although details are still sparse, it seems likely that this leak that exposed names, addresses and license types of all concealed carry permit holders in California may have been a result of improper authentication controls around accessing dashboards that house and permit access to this type of information.”

There are lessons that other organisations can draw from the incidence. As Tausek observes: “To lessen the chances of situations like this repeating themselves in the future, organizations– especially those as impactful as the Department of Justice– must prioritize the implementation of proper security controls.”

In terms of concrete examples, Tausek  recommends: “Robust password protection, multifactor authentication and regularly changing passwords can help organizations mitigate the risk of data leaks.”

With other measures to consider, the expert adds: “Leveraging low-code security automation allows companies to take a step further in their cybersecurity best practices by centralizing detection, investigation and response capabilities. With all-encompassing security platforms that automate tedious routines, the chance of human error is brought down to a minimum and device integrity remains at its maximum.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Social Media

Does America, already so happily living among the gangs and mass shootings, really want a civil war? Maybe not?

Tech & Science

Healthcare organisations present an attractive target to cybercriminals due to the vast amounts of personal data that needs to be held about each patient....

Business

The crypto crash brought devastation for small investors and bankruptcy for many companies.

Business

Japan's economy expanded in the three months to June, official data showed Monday.