Ionut Arghire
January 16, 2025
California-based cannabis brand Stiiizy is notifying 380,000 individuals that their personal information was compromised in a data breach at one of its vendors.
According to Stiiizy, it discovered the incident in late November, after the vendor notified it of a cyber intrusion, but the attackers had access to compromised systems for roughly a month.
“On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group,” Stiiizy said.
Between October 10 and November 10, the threat actor stole personal information and documents, impacting consumer profiles associated with four Stiiizy locations in San Francisco, Alameda, and Modesto.
“The incident impacted information contained on government-issued identification cards, including drivers’ licenses and medical cannabis cards, as well as information related to transactions with our dispensaries,” the company said.
The potentially compromised information includes names, addresses, dates of birth, driver license numbers, passport numbers, photographs, age details, medical cannabis cards, signatures on government ID cards, transaction histories, and other details.
Stiiizy has notified the Maine Attorney General’s Office that it’s sending written notifications to 380,000 people potentially affected by the data breach. The company is providing the impacted individuals with 12 months of free credit monitoring services, and with proactive fraud assistance.
While Stiiizy shared no further details on the type of cyberattack its vendor fell victim to, it appears that ransomware might have been involved.
Comments