Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Los Angeles-based cannabis brand Stiiizy has confirmed that hackers obtained customer information, including government-issued documents and medical marijuana cards, during a November event.
In data breach notice filed by the California attorney general this week, Stiiizy said he was notified by retailers that a “cybercriminal organization” had compromised data from some of the retailers.
In a letter sent to affected customers, Stiiizy confirmed that hackers obtained customer data that was changed from an unnamed vendor between October 10 and November 10, 2024.
Stiiizy said the stolen items included customer IDs, passports, and medical marijuana cards. The hackers also obtained customer names, addresses, dates of birth, business information, and other undisclosed information.
Stiiizy, which operates 39 stores across the United States, did not say how many customers were affected but said the incident affected four of its stores in California. Stiiizy did not respond to TechCrunch’s inquiries.
Stiiizy didn’t confirm or explain how it happened, but Texas-based cybersecurity startup Halcyon AI said November blog post that the cannabis user was the target of the ransom.
The Everest ransomware group claimed responsibility for the cyberattack, according to Halcyon, which said the group stole personal information, including identification documents, of more than 420,000 Stiiizy customers.
In a post on its leaked black page, seen by TechCrunch, Everest says it published the stolen data from Stiiizy the company “ignored” his ransom demands.
