CRPA: California "data breach" exposes personal details of concealed carry holders


A “data portal” unveiled by California Attorney General Rob Bonta’s office allowed users to access the personal and confidential information of those who possess a Concealed Handgun Permit in the state, according to an alert sent out by the California Rifle & Pistol Association on Tuesday afternoon.



Just days after last week’s NYSRPA v Bruen ruling was released, Attorney General Rob Bonta’s new data portal made public (for at least some period of time) the personal data of every CCW holder in the state, including driver’s license numbers, addresses, and much more. Those impacted include law enforcement, judges, and anyone else who has chosen to legally arm themselves for self-defense…like rape and domestic violence victims.

As of this email, the AG’s office has not formally responded to the breach or provided any information on if it has been fully controlled or even who was impacted. The timing of the breach, coming as Gov. Newsom, AG Bonta, and others scramble to thwart the 2A rights roundly affirmed by the Supreme Court last week, is suspicious at the very least.

An attorney at Michel and Associates (the law firm run by CRPA president Chuck Michel) shared more info on Twitter.

Moros also quoted one anonymous Reddit user who claims he was able to access all kinds of personal information about himself and others.

For those who are unaware – this data leak is more than CCW holders. A person with your DOB and a general idea of gun stores in your area can find your gun purchase history. Someone with your driver’s license can pull your DOB (and when you acquired your FSC).

I’ve emailed CRPA at and contacted FPC at

The three major issues that appear to present themselves – this data gives massive personally identifiable information to the general public, in violation of existing state law. The data allows criminals to identify targets. It ultimately has a chilling effect on the second amendment because people rarely sign up to be doxxed.

Edit: to be crystal clear. I was able to find my purchase history and two friends’ purchase history. It is a massive dox.


As others on Reddit also pointed out, this looks less like a “data breach” and more like just giving access to all of this information to anyone who visited the new “data portal” that Bonta’s office unveiled yesterday, saying it was meant to “improve transparency and information sharing for firearms-related data,” including concealed handgun permits.

With today’s announcement, Attorney General Bonta is improving accessibility and functionality of the existing firearms database with expanded information in a comprehensive data dashboard. The dashboard includes data from the past decade when available on the following subjects:

  • Dealer Record of Sales
  • Gun Violence Restraining Orders
  • Carry Concealed Weapons Permits
  • Firearms Safety Certificates
  • Assault Weapons
  • Roster of Certified Handguns

Among the changes are more in-depth analysis of GVROs, which are now displayed at both the state and county level. According to the dashboard, GVROs issued in California over the past five years have increased from 104 issued statewide in 2017 to 1,384 issued statewide in 2021 — a 1,231% increase over a five-year period. Attorney General Bonta is a proponent of GVROs as a key tool in helping to prevent gun violence.

When Chuck Michel and I spoke on Monday’s Cam & Co, he mentioned Bonta’s new database and expressed concern about the level of detail that would be released, but said that addresses and other information would still not be public information. That’s how this was supposed to work in theory, but apparently in practice all kinds of personal details of concealed handgun permittees were made available for public perusal.


As of Tuesday afternoon, the data portal is now “temporarily unavailable”, but who knows how many people were able to access and download this information before Bonta’s office took it offline.

So was this intentional? Bonta would never admit that the directive came from him, of course, and I have to say I have doubts about whether he would have actively approved of this, if for no other reason than I’m sure there are some high-dollar Democratic donors who possess rare carry permits in Hollywood and Silicon Valley who aren’t happy at all about their personal details being released online.

Some anti-2A employee of Bonta’s office hoping to doxx existing CHP holders while hoping to make others afraid of even applying for a permit lest their personal information be released online, on the other hand? Yeah, that sounds plausible to me; at least as plausible in fact as the idea of multiple employees of the AG’s office giving the okay to make the database public without checking to ensure that they weren’t allowing users to access what is supposed to be private and confidential information.

Whatever the story that comes out of the AG’s office, damage has been done, and we’ll be following up with the CRPA and Chuck Michel to find out what the organization intends to do about it.

