Representation of a cyberattack with a computer screen and lock icon.

Stiiizy Cyberattack Exposes Sensitive Data of Over 420,000 Customers


Popular cannabis brand Stiiizy faces a data breach exposing sensitive customer data, including IDs and medical cannabis cards, impacting over 420,000 users.


Hackers Breach Stiiizy’s Data Systems: Over 420,000 Customers Affected

Popular Los Angeles-based cannabis brand Stiiizy has confirmed a major cybersecurity breach compromising sensitive customer data, including government-issued IDs and medical cannabis cards. The breach, orchestrated by an “organized cybercrime group,” targeted the company’s point-of-sale vendor, exposing a wide range of personal information.

Details of the Cyberattack

In a data breach notice filed with California’s Attorney General, Stiiizy disclosed that hackers accessed customer information processed by the vendor between October 10 and November 10, 2024. Affected data includes:
  • Driver’s licenses and passports
  • Medical cannabis cards
  • Names, addresses, and dates of birth
  • Transaction histories and other unspecified details
Stiiizy operates 39 retail locations across the U.S., but this breach impacted four California stores. The company has not specified the number of customers affected. However, cybersecurity firm Halcyon AI revealed in a blog post that the Everest ransomware group claimed responsibility, alleging that over 420,000 individuals were impacted.

Everest Ransomware Group’s Role

The Everest group, notorious for high-profile cyberattacks, reportedly stole the data and demanded a ransom. According to Halcyon, Everest leaked the stolen information on its dark website after Stiiizy allegedly ignored the demands. This dataset includes sensitive identification documents, amplifying concerns over potential misuse.

Customer Fallout and Stiiizy’s Response

Stiiizy has faced criticism for its handling of the incident, including delays in notifying affected customers. In letters sent to those impacted, the company outlined the nature of the breach but refrained from addressing whether it paid the ransom. Stiiizy has yet to publicly confirm the specifics of the attack or respond to media inquiries.

Broader Implications for the Cannabis Industry

This breach underscores the vulnerability of the cannabis sector, where regulatory requirements necessitate the storage of extensive personal data. Industry experts warn that cannabis operators, like Stiiizy, must prioritize robust cybersecurity measures to protect sensitive customer information.

Protecting Your Data

If you suspect your data has been compromised:
  1. Monitor financial accounts for unusual transactions.
  2. Place a fraud alert with credit bureaus.
  3. Consider using identity theft protection services.

A Wake-Up Call for the Cannabis Industry

Stiiizy’s breach highlights the pressing need for enhanced cybersecurity in industries handling sensitive customer data. With over 420,000 customers potentially affected, this incident serves as a stark reminder of the risks businesses face in the digital age. As the cannabis industry grows, so too must its commitment to protecting consumer trust and privacy.

(Disclaimer: This article is meant to inform you, but it’s not a substitute for legal or professional advice.)

 

Also Read:  Chinese Hackers Breach Key U.S. Treasury Office, Raising National Security Concerns

Leave a Reply

Your email address will not be published. Required fields are marked *