An unsecured California Department of Justice spreadsheet exposes user information

An unsecured California Department of Justice spreadsheet exposes user information

https://www.theguardian.com/us-news/2022/jun/30/california-gun-owners-data-breach

Exploit: Human Error
California Department of Justice: State Government Agency

-Hastings-img1

Risk to Business: 2.617 = Moderate

The California Department of Justice has disclosed a messy data breach courtesy of its Firearms Dashboard Portal. In the course of an update in late June, user data for anyone who had applied for a concealed carry firearms permit from 2011 through 2021 using the site was exposed for an estimated 24 hours in an unsecured spreadsheet. Data was also exposed on several other state-maintained gun-related online dashboards, including the Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate and Gun Violence Restraining Order dashboards.

-Hastings-img1

Individual Risk: 2.613 = Moderate

User data that may have been exposed includes names, dates of birth, gender, race, driver license numbers, addresses, and criminal histories. Social Security numbers and financial information were not involved.

How It Could Affect Your Customers’ Business: SMBs that handle or store large amounts of data have been high on cybercriminal shopping lists, particularly in recent months.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.