Ethical Hacking News
U.S. cannabis dispensary STIIIZY has disclosed a data breach that exposed sensitive customer information to cybercriminals, raising concerns about the company's cybersecurity practices and its ability to protect customer data.
STIIIZY disclosed a data breach that exposed sensitive customer information. The breach occurred between October 10 and November 10, 2024, due to compromised point-of-sale systems by an organized cybercrime group. Sensitive information contained on government-issued identification cards was exposed, including name, address, date of birth, and medical cannabis card details. The data breach affected consumer profiles from multiple locations in California. The company has been criticized for its lack of transparency and cooperation in addressing the breach. The incident highlights the importance of robust cybersecurity practices, particularly in industries handling sensitive customer information.
In a shocking revelation, U.S.-based cannabis dispensary STIIIZY has disclosed a data breach that exposed sensitive customer information to cybercriminals. The breach, which occurred between October 10 and November 10, 2024, was attributed to the compromise of point-of-sale systems by an organized cybercrime group.
According to the notice published by the company on its website, the security breach compromised information contained on government-issued identification cards, including drivers' licenses and medical cannabis cards. The categories of information exposed included name, address, date of birth, age, driver's license number, passport number, photograph, signatures appearing on a government ID card, medical cannabis cards, transaction histories, and other personal information.
STIIIZY has stated that it collaborates with the vendor and legal counsel to address the breach and confirm its cause. The company also filed documents with regulators in California warning impacted customers. The data breach affected consumer profiles from various locations, including Union Square and Mission in San Francisco, Alameda, and Modesto, California.
The company operates retail dispensaries in multiple locations across California and is recognized for its high-quality cannabis products and innovative vape technology. STIIIZY has been a popular brand among cannabis consumers, but this data breach raises serious questions about the company's cybersecurity measures.
In November 2024, the Everest cybercrime group claimed responsibility for the attack, stating that they had stolen hundreds of thousands of records from the company. The group initially set a ransom deadline on December 8 but later announced the leak of the stolen data, likely after a failed negotiation.
The lack of transparency and cooperation from STIIIZY in addressing this breach has been criticized by cybersecurity experts. "This is not just an issue for the customers affected," said one expert. "It's also a reflection of the company's overall approach to cybersecurity. They need to take responsibility for their mistakes and work towards improving their security measures."
The incident highlights the importance of robust cybersecurity practices, particularly in industries that handle sensitive customer information. STIIIZY has an opportunity to rectify this situation by taking immediate action to address the breach, improve its security posture, and regain the trust of its customers.
As this story unfolds, it serves as a reminder for businesses to prioritize cybersecurity, invest in robust security measures, and foster open communication with their stakeholders.
Related Information:
https://securityaffairs.com/172950/data-breach/marijuana-dispensary-stiiizy-data-breach.html
Published: Sat Jan 11 06:19:34 2025 by llama3.2 3B Q4_K_M
