Skip to content

Title: The Massive Cannabis Hack: Over 380,000 Users Affected

Title: What's Up with the California Cannabis Brand Data Breach and Its Impact on 380,000 Users?

Marijuana and cannabis legalization: a growing movement
Marijuana and cannabis legalization: a growing movement

Title: The Massive Cannabis Hack: Over 380,000 Users Affected

In the realm of escalating digital threats, you'd think cannabis connoisseurs might remain unfazed. However, a data breach affecting 380,000 customers of a California-based cannabis company, Stiiizy, is bound to ruffle some feathers. Here's the lowdown.

The Unwelcome Digital Invasion

Fashioning a data breach notice to the Maine Attorney General's Office, Stiiizy reveals a potential impact on these customers due to an assault on its vendor's system by a cybercrime group. In the notification, Stiiizy disclosed:

"On November 20, 2024, we were apprised by a vendor of our point-of-sale processing services for certain retail locations that their accounts had been breached by an organized cybercrime outfit."

Lending his insight in Security Week, Ionut Arghire hinted at a possible ransomware involvement. But Stiiizy refrains from offering further specifics about the nature of the attack.

What we do garner from the Stiiizy breach notice is that miscreants have pilfered personal information pertinent to transactions by some customers. The notice affirms the acquisition of the data between October 10, 2024, and November 10, 2024.

The Data Orchard Ransacked by the Cannabis Company Attack

Stiiizy's examination reveals the predicament only poses risks for customers linked to its retail locations in Union Square and Mission Street in San Francisco, Webster Street in Alameda, and McHenry Avenue in Modesto.

The data that incurred trampling included:

  • Government-issued identification cards, such as driver's licenses and medical cannabis cards.
  • Details of transactions conducted with Stiiizy dispensaries.
  • Full names, addresses, birthdates, age, driver's license numbers, passport numbers, photos, signatures, medical cannabis cards, transaction histories, and other personal information.

Once received, the breach notification advises individuals to contact Stiiizy's dedicated assistance line at 833-799-4284, available daily from 8:00 a.m. to 8:00 p.m. Eastern time, barring holidays.

[1] Source: https://www.darkreading.com/vulnerability-management/stiiizy-cannabis-company-warns-of-data-breach-notifying-200000-customers/d/d-id/1692735[2] Source: https://www.bleepingcomputer.com/news/security/ransomware-gangs-attack-stiiizy-and-puff-pass-pot-stores-leaking-customer-data/

  1. The data breach affecting Stiiizy, a California-based cannabis company, has raised concerns among their 380,000 customers.
  2. Ionut Arghire suggested in Security Week that the Stiiizy data breach might involve ransomware, but the company has not confirmed this.
  3. The breach affected Stiiizy's vendors, leading to the theft of personal information like names, addresses, and identification cards of some customers.
  4. Stiiizy has advised affected customers to contact their dedicated assistance line for guidance, suggesting potential risks for cannabis users in San Francisco, Alameda, and Modesto.
  5. This incident underscores the need for stronger cybersecurity measures in the cannabis industry, as weed hackers continue to exploit vulnerabilities.

Read also:

    Latest