Ethical Hacking News
Popular cannabis brand STIIIZY has suffered a devastating data breach that exposed personal information of thousands of customers, including government-issued identification numbers and transaction histories. The breach highlights the need for robust cybersecurity measures in the cannabis industry and serves as a cautionary tale of the importance of prioritizing security to safeguard customer information.
STIIIZY disclosed a data breach that compromised sensitive customer information, including government-issued identification numbers and transaction histories. The breach occurred between October 10 and November 10, 2024, affecting customers at specific retail locations in California. Sensitive customer information was stolen, including name, address, date of birth, age, driver's license numbers, passport numbers, photographs, and transaction histories. STIIIZY has taken steps to protect customer data, implemented additional security measures, and offered free credit monitoring services to those affected. The breach highlights the importance of robust cybersecurity measures in the cannabis industry and the need for companies like STIIIZY to prioritize security.
In a disturbing turn of events, popular cannabis brand STIIIZY has disclosed a data breach that has left customers concerned about their personal information. The breach, which occurred in late November 2024, saw hackers gain unauthorized access to point-of-sale (POS) vendor systems used by several of STIIIZY's retail locations. The attackers made off with sensitive customer information, including government-issued identification numbers and transaction histories.
According to a data breach notification published on STIIIZY's website, the company was notified by its POS vendor on November 20, 2024, that accounts had been compromised by an organized cybercrime group. An investigation conducted by the vendor revealed that personal information relating to certain STIIIZY customers processed by the vendor was acquired by the threat actors between October 10 and November 10, 2024.
The breach is believed to have affected customer information across multiple categories, including name, address, date of birth, age, driver's license numbers, passport numbers, photographs, and transaction histories. Furthermore, the attackers also stole signatures appearing on government-issued identification cards and medical cannabis cards.
STIIIZY has confirmed that the breach only impacted customers who made purchases at a handful of specific stores: STIIIZY Union Square in San Francisco, CA; STIIIZY Mission in San Francisco, CA; STIIIZY Alameda in Alameda, CA; and STIIIZY Modesto in Modesto, CA.
In light of this breach, the company has taken immediate action to protect customer data. They have implemented additional security measures to prevent similar incidents in the future and are offering free credit monitoring services to those affected by the breach. Impacted customers are also advised to monitor their credit history for fraudulent accounts opened under their name and to be on the lookout for targeted phishing attacks.
The STIIIZY data breach serves as a stark reminder of the importance of robust cybersecurity measures in the cannabis industry. As a sector that operates largely online, cannabis businesses are vulnerable to cyber threats and data breaches. This incident highlights the need for companies like STIIIZY to prioritize security and implement effective protection protocols to safeguard customer information.
Furthermore, the fact that hackers were able to breach the POS vendor's systems suggests that there may have been weaknesses in their own security measures. It is essential for POS vendors to conduct regular security audits and implement robust cybersecurity protocols to prevent similar breaches in the future.
The STIIIZY data breach also raises questions about the role of ransomware gangs in these types of incidents. In November, a ransomware gang known as "Everest" claimed to have breached the company and stolen personal data and IDs from 422,075 customers. While it is unclear whether this claim is accurate, it highlights the threat posed by these groups.
As the cannabis industry continues to grow and expand, cybersecurity concerns will only become more pressing. Companies like STIIIZY must remain vigilant in their efforts to protect customer information and implement effective security measures to prevent data breaches in the future.
Related Information:
https://www.bleepingcomputer.com/news/security/stiiizy-data-breach-exposes-cannabis-buyers-ids-and-purchases/
Published: Fri Jan 10 10:12:53 2025 by llama3.2 3B Q4_K_M
