Connect with us

Hi, what are you looking for?

Tech & Science

California legal system exposes details of concealed firearms permit holders

There are lessons that can be learned and corrective actions implemented to push back the possibility of similar incidences occurring.

The Supreme Court struck down New York’s century-old law restricting the carrying of concealed firearms Thursday. Source - Webmaster102 (CC BY 3.0)
The Supreme Court struck down New York’s century-old law restricting the carrying of concealed firearms Thursday. Source - Webmaster102 (CC BY 3.0)

A data breach has taken place within the state of California, leading to information about concealed permit holders becoming exposed. This could lead to considerable amounts of personal information being released into the digital realms of criminals.

The breach occurred as part of the Justice Department’s launch of its 2022 Firearms Dashboard Portal, highlighting a vulnerability with a new digital system.

To gain an insight into the incident and the cyberattack and security implications, Digital Journal heard from Tyler Glotz, Manager, Governance Risk & Compliance at LogRhythm.

A stand-out issue for Glotz relates to the type of information that was affected by the data breach and the implications for the community at large. Here Glotz finds: “This breach of personal identifiable information reflects the challenging nature of protecting information within state and local government agencies.”

At the heart of the issue, says Glotz, is available finances. He states: “Limited infosec budgets raise the risk of non-public data accidentally being released or intentionally breached by bad actors. We still don’t have word if this was a mistake or a hack, but the Fresno County Sheriff’s office is suggesting persons affected should file an online police report.”

Other aspects of the attack raise concerns about the operational tactic of cybercriminals, as well as informing about vulnerabilities within organisations overall.

With such concerns, Glotz cautions: “This event also raises questions of inside actors or hacktivists reacting to national changes in concealed carry law that came from NYSRPA v Bruen just days before. The list was circulated on several social media sites immediately after being made public. Release of sensitive data furthers the risk to real physical safety that results from a breach like this.”

As with any attack, there are lessons that can be learned and corrective actions implemented to push back the possibility of similar incidences occurring.

Here Glotz says: “State and local government entities should make sure to implement strong access controls, change management, and robust data classification procedures and processes to avoid accidentally disseminating personal information like this, or prevent them from being breached.”

Glotz acknowledges that firms need to do more to repel such attacks in the future, finding: “This incident stresses the importance of application and product security testing to ensure things like this don’t happen before something is pushed into production. When rolling out a new platform, it is best practice to perform a Data Privacy Impact Assessment to determine what privacy risks exist and how they can be mitigated.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Moncton builds innovation momentum with programs like TechConnect Southeast, linking talent, startups, and community growth.

Business

"We have to build a foundation of trust,” she said. “It truly unlocks strategic partnerships.”

Social Media

Trump announced Thursday he had given social media platform TikTok another 90 days to find a non-Chinese buyer.

Tech & Science

How good is ChatGPT? Not that good when it comes to providing financial insights.