Connect with us

Hi, what are you looking for?

Tech & Science

California legal system exposes details of concealed firearms permit holders

There are lessons that can be learned and corrective actions implemented to push back the possibility of similar incidences occurring.

The Supreme Court struck down New York’s century-old law restricting the carrying of concealed firearms Thursday. Source - Webmaster102 (CC BY 3.0)
The Supreme Court struck down New York’s century-old law restricting the carrying of concealed firearms Thursday. Source - Webmaster102 (CC BY 3.0)

A data breach has taken place within the state of California, leading to information about concealed permit holders becoming exposed. This could lead to considerable amounts of personal information being released into the digital realms of criminals.

The breach occurred as part of the Justice Department’s launch of its 2022 Firearms Dashboard Portal, highlighting a vulnerability with a new digital system.

To gain an insight into the incident and the cyberattack and security implications, Digital Journal heard from Tyler Glotz, Manager, Governance Risk & Compliance at LogRhythm.

A stand-out issue for Glotz relates to the type of information that was affected by the data breach and the implications for the community at large. Here Glotz finds: “This breach of personal identifiable information reflects the challenging nature of protecting information within state and local government agencies.”

At the heart of the issue, says Glotz, is available finances. He states: “Limited infosec budgets raise the risk of non-public data accidentally being released or intentionally breached by bad actors. We still don’t have word if this was a mistake or a hack, but the Fresno County Sheriff’s office is suggesting persons affected should file an online police report.”

Other aspects of the attack raise concerns about the operational tactic of cybercriminals, as well as informing about vulnerabilities within organisations overall.

With such concerns, Glotz cautions: “This event also raises questions of inside actors or hacktivists reacting to national changes in concealed carry law that came from NYSRPA v Bruen just days before. The list was circulated on several social media sites immediately after being made public. Release of sensitive data furthers the risk to real physical safety that results from a breach like this.”

As with any attack, there are lessons that can be learned and corrective actions implemented to push back the possibility of similar incidences occurring.

Here Glotz says: “State and local government entities should make sure to implement strong access controls, change management, and robust data classification procedures and processes to avoid accidentally disseminating personal information like this, or prevent them from being breached.”

Glotz acknowledges that firms need to do more to repel such attacks in the future, finding: “This incident stresses the importance of application and product security testing to ensure things like this don’t happen before something is pushed into production. When rolling out a new platform, it is best practice to perform a Data Privacy Impact Assessment to determine what privacy risks exist and how they can be mitigated.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

World

US President Donald Trump first unveiled his Gaza plan last week - Copyright AFP ROBERTO SCHMIDTDanny KEMPPresident Donald Trump said Palestinians would have no...

World

Countries party to the Paris Agreement have been consistently late in submitting climate targets to the United Nations - Copyright AFP/File Valery HACHENick PerryNearly...

Business

US federal workers face another deadline Monday to accept a mass buyout from their government jobs as a judge holds a key hearing.

Business

Lundmark, who has served as Nokia's CEO since 2020, will leave his position on March 31.