
Cannabis industry leader STIIIZY has reported a significant data breach affecting customers across multiple California locations. The breach, initially detected on November 20, 2024, occurred through their point-of-sale (POS) vendor system, exposing sensitive customer data between October 10 and November 10, 2024.
Compromised Information:
– Government-issued identification details
– Driver’s license and passport numbers
– Customer photographs and signatures
– Medical cannabis card information
– Transaction histories
– Personal contact information
Affected Locations:
– STIIIZY Union Square, San Francisco
– STIIIZY Mission, San Francisco
– STIIIZY Alameda
– STIIIZY Modesto
The Everest ransomware group has claimed responsibility for the attack, stating they acquired personal data from over 422,000 customers. The group, active since 2020, is known for corporate network breaches and double-extortion attacks, particularly targeting healthcare institutions.
Response Measures:
– Implementation of enhanced security protocols
– Free credit monitoring services for affected customers
– Notification to impacted individuals
Customers are advised to monitor their credit reports and remain vigilant against potential phishing attempts using the stolen information. STIIIZY continues to investigate the incident while implementing additional security measures to prevent future breaches.