Popular Los Angeles-based marijuana brand Stiiizy confirmed that hackers accessed sensitive customer data, including government-issued documents and medical marijuana cards, during a cyber attack in November.
in the Data breach notice A complaint was filed this week with California's attorney general. Stiiizy said it was notified by a vendor that processes its sales that an “organized cybercriminal group” had compromised data from some of its retail locations.
In a letter sent to affected users; Stiiizy confirmed that hackers obtained customer data from an unknown vendor between October 10-10, 2024.
Stolen information included users' driver's licenses; That includes information on passports and medical marijuana cards, Stiiizy said. Hackers steal customer names; Addresses Dates of birth Transaction data and other de-identified personal information were also accessed.
Stiiizy, which operates 39 stores across the United States, did not say how many of its customers were affected, but said the incident affected four of its retail locations in California. Stiiizy did not respond to TechCrunch's questions.
Halcyon AI, a Texas-based cybersecurity startup, said Stiiizy did not confirm or describe the nature of the incident. November blog post A cannabis operator has been the target of a ransomware attack.
The Everest ransomware group stole personal information, including identification documents, of more than 420,000 Stiiizy users, according to Halcyon, which it said took credit for the cyber attack.
In a post on its dark web leak site seen by TechCrunch, Everest claims to have released the data Stiiizy stole after the company “ignored” its ransom demands.