news 
Cannabis company Stiiizy says hackers accessed customers’ ID documents
Los Angeles-based cannabis brand Stiiizy has confirmed that hackers gained access to a vast amount of sensitive customer data, including government-issued identification and medical cannabis cards. The incident is believed to have occurred during a cyberattack in November.
According to an official data breach notice filed with California’s attorney general this week, the company was notified by its point-of-sale processing vendor that an “organized cybercrime group” had compromised the data from some of its retail locations.
In a letter sent to affected customers, Stiiizy confirmed that the stolen information included customer names, addresses, dates of birth, transaction data, and other personal information. Most alarmingly, the hackers also gained access to customers’ government-issued ID documents, such as driver’s licenses and passports, as well as their medical cannabis cards.
Unfortunately, the company has not yet disclosed how many customers were affected by the incident or which specific retail locations were compromised, but it did reveal that the data breach impacted four of its California-based stores.
Stiiizy has not commented on the nature of the cyberattack, but cybersecurity experts have suggested that the hack may be related to a ransomware attack carried out by the Everest ransomware group. The group claimed credit for the cyberattack and published the stolen customer data online after Stiiizy “ignored” its ransom demands.
As is standard procedure in such situations, Stiiizy is urging affected customers to monitor their accounts closely for suspicious activity and has offered one year of free identity theft protection services to those impacted.
Source: techcrunch.com
