California Department of Justice lacks basic protections for gun owner information, experts say

Cybersecurity experts say the California Department of Justice appears to have failed to follow basic security procedures on its website, exposing the personal information of hundreds of thousands of gun owners.

The site is designed to show only general data on the number and location of concealed gun permits, broken down by year and county. But for about 24 hours starting Monday, a spreadsheet with names and personal information was just a few clicks away, ready for review or download.

Katie Moussouris, founder and CEO of Luta Security, says access controls should be in place to ensure information stays out of the reach of unwanted parties, and sensitive data should be kept safe by encoding it so it is unusable.

The damage that happens depends on who accessed the data, she said. Criminals can sell or use personally identifiable information or use the criminal history of license applicants “for extortion and leverage,” she said.

Some are trying to use this information to criticize gun control advocates, who they say have been revealed to have concealed carry permits. A website called The Gun Feed published a post calling out a top attorney from the Giffords Law Center to Stop Gun Violence. But the center said the website had the wrong person: someone with the same name as their lawyer.

Five other firearm databases were also compromised, but Attorney General Rob Bonta’s office could not say what happened or even how many people were in the databases.

“We are conducting a thorough and thorough investigation into all aspects of the incident and will take any and all appropriate measures in response to what we learn,” his office said in a statement Friday.

It said one of the other databases listed handguns but not people, while others, including one for gun violence restraining orders, did not have names but may have identifying information in another form.

“The volume of information is extremely sensitive,” said Sam Paredes, chief executive officer of Gun Owners of California.

“Deputy DA, police, judges, they do everything to protect their residential address,” he said. “The danger that the headmaster has placed hundreds of thousands of people … in is immeasurable.”

Attorney Chuck Michel, president of the California Rifle and Pistol Association, said he has received hundreds of calls and emails from gun owners wanting to join what he expects will be a class action lawsuit.

The improper release comes days after the US Supreme Court made it easier for people to carry concealed weapons, and as Bonta worked with state lawmakers to patch California’s newly vulnerable concealed carry laws.

So far there is no evidence that the leak was intentional. Independent network security experts say the release could easily have resulted from lax scrutiny.

Bonta’s office could not say whether or not the databases were downloaded and how often. Moussouris said the agency has that information if it is keeping access logs, which she calls a fundamental and necessary step to protecting sensitive data.

Tim Marley, vice president of risk management at cybersecurity firm Cerberus Sentinel, questioned the agency’s speed of response to an incident with a website that should have been monitored continuously.

“Due to the sensitive nature of the disclosed data and the potential impact on those directly involved, I expect a response in less than 24 hours from notification to action,” he said.

Bonta’s office said it was reviewing the timeline to see when the issue was discovered.

“The design of public websites should always be done with an effort to design security in the process,” says Marley.

Developers also need to properly test their systems before launching any new code or modifying existing code, he said. However, organizations are often rushing to change because they are focused “on getting it to work rather than making it work safely.”

Every Republican senator and member of Congress is calling on Bonta, a Democrat running for re-election, to step up his disclosures about the release of information, which they believe violates state law. They also asked for specifics about releases and investigations, and senators criticized the department for its apparent lack of testing and confidentiality.
