California-based cannabis brand Stiiizy is notifying 380,000 individuals that their personal information was compromised in a data breach at one of its vendors.
According to Stiiizy, it discovered the incident in late November, after the vendor notified it of a cyber intrusion, but the attackers had access to compromised systems for roughly a month.
“On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group,” Stiiizy said.
Between October 10 and November 10, the threat actor stole personal information and documents, impacting consumer profiles associated with four Stiiizy locations in San Francisco, Alameda, and Modesto.
“The incident impacted information contained on government-issued identification cards, including drivers’ licenses and medical cannabis cards, as well as information related to transactions with our dispensaries,” the company said.
The potentially compromised information includes names, addresses, dates of birth, driver license numbers, passport numbers, photographs, age details, medical cannabis cards, signatures on government ID cards, transaction histories, and other details.
Stiiizy has notified the Maine Attorney General’s Office that it’s sending written notifications to 380,000 people potentially affected by the data breach. The company is providing the impacted individuals with 12 months of free credit monitoring services, and with proactive fraud assistance.
While Stiiizy shared no further details on the type of cyberattack its vendor fell victim to, it appears that ransomware might have been involved.
In late November, the Everest ransomware group added the weed retailer to its Tor-based leaks site, claiming the theft of 422,075 customer records. A month later, the threat actor made some of the allegedly stolen information public, threatening to leak tens of thousands of customer profiles unless a ransom was paid.
One of the largest chains of cannabis retail stores in California and a top selling cannabis brand in the US, Stiiizy operates 34 locations and employs more than 1,700 people. The company was founded in 2017.
Related: Medical Billing Firm Medusind Says Data Breach Impacts 360,000 People
Related: Infostealer Infections Lead to Telefonica Ticketing System Breach
Related: Google Broke Australian Law Over Location Data Collection: Court
