Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Popular Los Angeles-based cannabis brand Stiiizy has confirmed that hackers gained access to a large amount of sensitive customer information, including government-issued documents and medical cannabis cards, during a November cyberattack.
In data breach notification In a filing with California’s attorney general this week, Stiiizy said he was alerted by a point-of-sale processing vendor that an “organized cybercrime group” was stealing data from some retail locations.
In a letter to affected customers, Stiiizy confirmed that hackers obtained processed customer data from an unnamed vendor between October 10 and November 10, 2024.
Stiiizy said the information stolen included information on customers’ driver’s licenses, passports and medical privacy cards. The hackers also accessed customer names, addresses, dates of birth, transaction information and other unspecified personal information.
Stiiizy, which operates 39 stores in the United States, has not yet disclosed how many customers were affected, but said the incident affected four retail locations in California. Stiiizy did not respond to questions from TechCrunch.
Stiiizy did not confirm or describe the nature of the incident, but Halcyon AI, a Texas-based cybersecurity startup, did. November blog post that the cannabis operator is the target of a ransomware attack.
According to Halcyon, the Everest ransomware group claimed credit for the cyberattack, saying the gang stole personal information, including IDs, from more than 420,000 Stiiizy customers.
In a post on a dark web leak site seen by TechCrunch, Everest claims to have published data stolen from Stiiizy after the company “ignored” ransom demands.
