SecurityWeek

380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy

Cannabis retailer Stiiizy says hackers stole the personal information of 380,000 consumers from one of its vendors.

California-based cannabis brand Stiiizy is notifying 380,000 individuals that their personal information was compromised in a data breach at one of its vendors.

According to Stiiizy, it discovered the incident in late November, after the vendor notified it of a cyber intrusion, but the attackers had access to compromised systems for roughly a month.

“On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group,” Stiiizy said.

Between October 10 and November 10, the threat actor stole personal information and documents, impacting consumer profiles associated with four Stiiizy locations in San Francisco, Alameda, and Modesto.

“The incident impacted information contained on government-issued identification cards, including drivers’ licenses and medical cannabis cards, as well as information related to transactions with our dispensaries,” the company said.

The potentially compromised information includes names, addresses, dates of birth, driver's license numbers, passport numbers, photographs, age details, medical cannabis cards, signatures on government ID cards, transaction histories, and other details.

Stiiizy has notified the Maine Attorney General’s Office that it’s sending written notifications to 380,000 people potentially affected by the data breach. The company is providing the impacted individuals with 12 months of free credit monitoring services, and with proactive fraud assistance.

While Stiiizy shared no further details on the type of cyberattack its vendor fell victim to, it appears that ransomware might have been involved.

In late November, the Everest ransomware group added the weed retailer to its Tor-based leaks site, claiming the theft of 422,075 customer records. A month later, the threat actor made some of the allegedly stolen information public, threatening to leak tens of thousands of customer profiles unless a ransom was paid.

One of the largest chains of cannabis retail stores in California and a top-selling cannabis brand in the US, Stiiizy operates 34 locations and employs more than 1,700 people. The company was founded in 2017.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
