Class Action Lawsuit Attorneys Investigating Stiiizy Data Breach

Class action attorneys are investigating the data breach that affected cannabis brand Stiiizy and impacted customer data from four of the company’s dispensaries. Console Associates, P.C. indicated they are “investigating the data breach that was reported after the company discovered unauthorized access to sensitive consumer information.”

“STIIIZY reported a data breach after identifying unauthorized access to consumer data in their systems. While the exact nature of the incident remains under investigation, the breach could have resulted from either a direct compromise of STIIIZY’s network or a security incident affecting one of their third-party vendors.” — Console Associates, P.C., update, 1/15/25

Stiiizy filed the Notice of Data Breach with the California Office of the Attorney General on January 8, noting that they were notified of an initial ransomware attack on November 20, 2024. According to Cybernews’ ‘Ransomlooker’ tool, the brand was compromised by ransomware Everest in November and December of last year.

The law firm said Stiiizy also filed breach notices with the Texas Attorney General and the Attorney General of Maine on December 23, 2024 and January 8, 2025, respectively.

The impacted information includes customer names, addresses, birth dates, driver’s license and passport ID numbers, photographs, signatures that appear on government-issued IDs, medical cannabis card information, and transaction histories. According to cybersecurity firm Halcyon AI, the personal information of more than 420,000 Stiiizy customers was breached in the ransomware attack.