Cannabis brand Stiiizy has been victimized by a third-party data breach that exposed customer identification information and transaction history, Cybernews reports. Stiiizy said that multiple California retailers were impacted, including four dispensaries – one in Alameda, one in Modesto, and two San Francisco.
According to Cybernews’ ‘Ransomlooker’ tool, the brand was compromised by ransomware Everest in November and December of last year.
In a Notice of Data Breach filed with the California Office of the Attorney General on January 8, Stiiizy said they were notified of the first attack on November 20, 2024.
“STIIIZY has implemented additional security measures designed to prevent a recurrence of such an attack and to protect the privacy of STIIIZY’s valued customers, Additionally, we are providing affected individuals with free credit monitoring services, as described more fully below.” — Stiiizy in the Notice of Data Breach, 1/8/25
The impacted information includes customer names, addresses, birth dates, driver’s license and passport ID numbers, photographs, signatures that appear on government-issued IDs, medical cannabis card information, and transaction histories. According to cybersecurity firm Halcyon AI, the personal information of more than 420,000 Stiiizy customers was breached in the ransomware attack.
Given that the leaked information includes sensitive data like government ID numbers and individual signatures linked to the IDs, hackers could impersonate the victims or commit financial fraud. Bad actors could also use the information to extort victims or create personalized and targeted scams against Stiiizy customers.
Get daily cannabis business news updates. Subscribe
End