- Los Angeles Cannabis Store Stiizy Files New Report with California Attorney General
- The report analyzes a cyber incident from November 2024, which researchers say was a ransomware attack
- Thousands of customers could be affected by the breach
Stiiizy, a popular Los Angeles-based cannabis company, confirmed that it suffered a cyberattack in late 2024 in which it lost a lot of sensitive customer information.
In a new filing with the California Attorney General’s Office, the company provided a breach notification letter that it sent to affected customers. In it, it said that a provider of point-of-sale processing services for some of its retail stores notified it that some of its accounts were compromised by an “organized cybercrime group.”
The cannabis dealer did not speak about the attackers, their identities or their motives. However, citing cybersecurity researchers, TechCrunch reported that a ransomware operator named Everest was behind this attack.
names and photos
Stiiizy did not say how many people were affected by the incident, but he did say what data was taken: full names, postal addresses, dates of birth, age, driver’s license numbers, passport numbers, photographs, signatures (as they appear on the government IDs). cards), medical cannabis cards, transaction history and more. That’s enough information for personalized phishing attacks, identity theft, and more.
The notification was sent on November 20, and further investigation found that the breach occurred on October 10 and likely lasted until November 10. The investigation also found that four locations were targeted: two in San Francisco, one in Alameda and one. in Modesto.
Everest reportedly claimed responsibility for this attack, stating that it affected more than 420,000 customers, although it is perhaps worth mentioning that the number “420” is often mentioned in the context of marijuana: April 20 is also a unofficial marijuana holiday. Everest also added that it decided to leak the data after Stiiizy decided not to pay the ransom demands.
As of May 2024, Stiiizy operated 34 retail stores in California and three in Michigan, and its products are available in several U.S. states, including California, Washington, Nevada, Michigan, Illinois, and Arizona.
Through TechCrunch
