Sacramento, CA (AP) — Cybersecurity specialists say the California Department of Justice does not appear to have followed basic security procedures on its website, exposing the personal information of hundreds of thousands of gun owners.
The website was designed to display only general data on the number and location of concealed-carry permits, by year and county. But for about 24 hours starting Monday, a spreadsheet containing names and personal information was just a few clicks away, ready to review or download.
Katie Moussouris, founder and CEO of Luta Security, said access controls are needed to keep the information out of the reach of parties with no need for it, and that sensitive data needs to be encrypted so that it cannot be used.
The damage depends on who accessed the data, she said. She said criminals could sell or use personally identifiable information or use the criminal record of a person seeking a permit "for blackmail and leverage."
Already, some people are trying to use the information to criticize gun control advocates who they say have been revealed to hold concealed-carry permits. An online site called The Gun Feed contained a post calling out a top lawyer at the Giffords Law Center to Prevent Gun Violence. However, the center said the site had the wrong person, someone with the same name as the lawyer.
Five other firearms databases were also compromised, but Attorney General Rob Bonta's office could not say what happened or even how many people were in the databases.
"We are comprehensively and thoroughly investigating every aspect of the case and will take all appropriate steps in response to what we have learned," his office said in a statement on Friday.
The office said one of the other databases lists handguns but not people, while the others, including one on gun violence restraining orders, did not contain names but may have had other identifying information.
"The amount of information is very sensitive," said Sam Paredes, executive director of Gun Owners of California.
"Deputy DAs, police officers, judges, they do everything they can to protect the address of their residence," he said. "It is immeasurable that the Attorney General has endangered hundreds of thousands of people."
Chuck Michel, chairman of the California Rifle & Pistol Association, said he expects a class action. He said the group has handled hundreds of calls and emails from gun owners.
The improper release came a few days after the U.S. Supreme Court made it easier for people to carry concealed weapons, and as Bonta worked with state legislators to patch California's newly vulnerable concealed-carry law.
So far, there is no evidence that the leak was intentional. An independent cybersecurity expert said the release could easily have been an oversight.
Bonta's office has been unable to say whether the database was downloaded or how often. Moussouris said the agency would have that information if it kept access logs, which she called a basic and necessary step in protecting sensitive data.
Tim Marley, Vice President of Risk Management for cybersecurity firm Cerberus Sentinel, questioned the speed with which government agencies responded to website issues that should be constantly monitored.
"Given the confidentiality of the published data and its potential impact on the people directly involved, we expect to respond within 24 hours from notification to action," he said.
Bonta's office said it was reviewing the timeline to see when the problem was discovered.
When designing a public website, "you must always strive to design security in your process," Marley said.
He said developers also need to properly test their systems before launching new code or modifying existing code. However, organizations often rush to make changes because they "focus on making things work rather than making them work safely."
All Republican legislators and senators called on Bonta, a Democrat running for reelection, to disclose more about the release of information that they said violated state law. They also sought specific information on the release and the investigation, and the senators criticized the department for the apparent lack of testing and security.