As threats to your data continue to pour in from all directions, be that high-speed password attacks, YouTube phishing threats, or newly evolved password-stealing malware targeting 100 million Apple aficionados, there’s one group of people who you might expect to be pretty laid back about it all; cannabis users. However, news that a California-based cannabis brand has notified 380,000 customers of a data breach might just shake that up a bit. Here’s what you need to know.
The Great Cannabis Hack
A data breach notification sent to the Maine Attorney General’s Office by a Californian cannabis brand called Stiiizy has confirmed it is alerting some 380,000 users potentially impacted by an attack against a vendor.
“On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group,” the notice of data breach stated.
Writing at Security Week, Ionut Arghire said that while Stiiizy had not shared any further details regarding the type of cyberattack involved, “it appears that ransomware might have been involved.”
What we do know, according to the Stiiizy breach notification itself, is that personal information relating to “certain customers processed by the vendor” was acquired by hackers between Oct. 10, 2024 and Nov. 10, 2024. “We have determined that certain of our customer’s personal information and documents was acquired by the threat actors,” Stiiizy said.
The Customer Data Impacted By The Cannabis Brand Attack
Following initial investigations, Stiiizy said that the incident only impacted customers associated with locations in Union Square, San Francisco, Mission Street, San Francisco, Webster Street, Alameda and McHenry Avenue, Modesto.
The data involved, the breach notification stated, included:
- Government-issued identification cards, including driver’s licenses and medical cannabis cards.
- Information related to transactions with Stiiizy dispensaries.
- Name, address, date of birth, age, driver’s license number, passport number, photograph, the signatures appearing on a government ID card, medical cannabis cards, transaction histories, and other personal information.
I have reached out to Stiiizy for a statement, but in the meantime, the cannabis brand said that anyone who has received a breach notification or thinks they might be impacted by the incident should contact the Stiiizy “dedicated assistance line at 833-799-4284 between the hours of 8:00 a.m. to 8:00 p.m. Eastern time, Monday through Friday, excluding holidays.”
