- Los Angeles cannabis store Stiizy files new report with California Attorney General
- The report discusses a cyber incident that occurred in November 2024, which researchers believe was a ransomware attack.
- Thousands of customers could be affected by the breach
Stiiizy, a popular Los Angeles-based cannabis company, confirmed that it suffered a cyberattack in late 2024 in which it lost a lot of sensitive customer information.
In a new filing with the California Attorney General’s Office, the company provided a breach notification letter sent to affected customers. In it, he says a point-of-sale processing service provider for some of his outlets informed him that some of his accounts had been compromised by an “organized cybercrime group.”
The cannabis trafficker did not discuss the attackers, their identity or their motivations. However, citing cybersecurity researchers, TechCrunch reported that a ransomware operator called Everest was behind this attack.
Names and photos
Stiiizy did not specify how many people were affected by the incident, but he did specify what data was collected: full names, postal addresses, dates of birth, age, driver’s license numbers, passport numbers, photos , signatures (as appearing on government identification documents). cards), medical cannabis cards, transaction history, and more. This is enough information for personalized phishing attacks, identity theft, etc.
The notification was sent on November 20 and a subsequent investigation revealed that the breach occurred on October 10 and likely lasted until November 10. The investigation also found that four locations were targeted: two in San Francisco, one in Alameda and one in Modesto.
Everest reportedly claimed responsibility for this attack and said it affected more than 420,000 customers – although it is worth mentioning that the number “420” is often mentioned in the context of marijuana: April 20 is also a non-public holiday. official related to marijuana. Everest also added that it decided to release the data after Stiiizy decided not to pay the ransom demands.
As of May 2024, Stiiizy operated 34 retail stores in California and three in Michigan, and its products are available in several U.S. states, including California, Washington, Nevada, Michigan, Illinois, and Arizona.
Via TechCrunch
