news 
Cannabis company Stiiizy says hackers accessed customers’ ID documents
Los Angeles-based cannabis brand Stiiizy has confirmed that hackers accessed reams of sensitive customer data, including government-issued documents and medical cannabis cards, during a November cyberattack.
According to a data breach notice filed with California’s attorney general this week, Stiiizy was notified by its point-of-sale processing vendor that an “organized cybercrime group” had compromised the data from some of its retail locations. The company has not yet disclosed how many customers were affected by the incident, but stated that it impacted four of its retail locations in California.
The stolen information includes identification documents such as driver’s licenses and passports, as well as customer names, addresses, dates of birth, transaction data, and other unspecified personal information. Stiiizy operates 39 stores across the United States.
Despite not responding to TechCrunch’s inquiries, Stiiizy sent a letter to affected customers stating that the incident had occurred. The company has not provided any details about the nature of the breach or whether it paid a ransom demand.
In a blog post from November, cybersecurity startup Halcyon AI claimed that Stiiizy was targeted by a ransomware attack, with the Everest ransomware group claiming credit for the cyberattack. According to the report, over 420,000 Stiiizy customers had their personal information stolen, including identification documents.
Following the incident, the hackers published the stolen data on their dark web leak site after Stiiizy “ignored” its ransom demands, according to Everest’s post.
Source: techcrunch.com
