Hackers Steal Customer IDs and Purchase Data in Major STIIIZY Cannabis Breach

Hackers Steal Customer IDs and Purchase Data in Major STIIIZY Cannabis Breach

STIIIZY Data Breach Exposes Customer Information Through POS System Hack

Cannabis industry leader STIIIZY has reported a significant data breach affecting customers across multiple California locations. The breach, initially detected on November 20, 2024, occurred through their point-of-sale (POS) vendor system, exposing sensitive customer data between October 10 and November 10, 2024.

Compromised Information:
– Government-issued identification details
– Driver’s license and passport numbers
– Customer photographs and signatures
– Medical cannabis card information
– Transaction histories
– Personal contact information

Affected Locations:
– STIIIZY Union Square, San Francisco
– STIIIZY Mission, San Francisco
– STIIIZY Alameda
– STIIIZY Modesto

The Everest ransomware group has claimed responsibility for the attack, stating they acquired personal data from over 422,000 customers. The group, active since 2020, is known for corporate network breaches and double-extortion attacks, particularly targeting healthcare institutions.

Response Measures:
– Implementation of enhanced security protocols
– Free credit monitoring services for affected customers
– Notification to impacted individuals

Customers are advised to monitor their credit reports and remain vigilant against potential phishing attempts using the stolen information. STIIIZY continues to investigate the incident while implementing additional security measures to prevent future breaches.

Share This Article