Top cannabis brand Stiiizy says hackers have gained access to its systems
- Los Angeles cannabis retailer Stiizy files new report with California Attorney General
- The report discusses a cyber incident from November 2024, which researchers say was a ransomware attack
- Thousands of customers could be affected by the breach
Stiiizy, a popular cannabis company based in Los Angeles, confirmed that it suffered a cyber attack in late 2024 in which it lost a lot of sensitive customer information.
In a new filing with the California Office of the Attorney General, the company sent a breach notification letter to affected customers. It stated that a provider of point-of-sale processing services for some of his retail locations had notified him that some of their accounts had been compromised by an “organized cybercrime group.”
The cannabis dealer did not elaborate on the attackers, their identities or their motives. But cybersecurity researchers quote: TechCrunch reported that a ransomware operator named Everest was behind this attack.
Names and photos
Stiiizy did not say how many people were affected by the incident, but did say what data was collected: full names, postal addresses, dates of birth, age, driver’s license numbers, passport numbers, photographs, signatures (as shown on government IDs). cards), medical cannabis cards, transaction history and more. That’s enough information for personalized phishing attacks, identity theft and more.
The notification was sent on November 20th and a subsequent investigation revealed that the breach occurred on October 10th and most likely lasted until November 10th. The investigation also found that four locations were targeted: two in San Francisco, one in Alameda and one in Modesto.
Everest has reportedly claimed responsibility for this attack, stating that it affected more than 420,000 customers – although it may be worth noting that the number “420” is often mentioned in the context of marijuana: April 20 is also a unofficial marijuana holiday. Everest also added that it decided to leak the data after Stiiizy decided not to pay the ransom.
As of May 2024, Stiiizy operated 34 stores in California and three in Michigan, and its products are available in multiple U.S. states, including California, Washington, Nevada, Michigan, Illinois and Arizona.
Via TechCrunch