Stiiizy, a cannabis brand, experienced a third-party data breach that exposed customer identification information and transaction history. The breach affected multiple California retailers, including dispensaries in Alameda, Modesto, and San Francisco.
Driving the news: A cybersecurity tool identified ransomware Everest as the source of the compromise during November and December of the prior year.
- Stiiizy reported the breach to the California Office of the Attorney General on January 8 and implemented additional security measures to prevent a recurrence.
- Affected customer information included names, addresses, birth dates, government ID numbers, photographs, signatures, medical cannabis card details, and transaction histories.
- More than 420,000 Stiiizy customers’ personal data was compromised, raising concerns about potential identity theft, financial fraud, and targeted scams.
- Stiiizy is offering free credit monitoring services to affected individuals in response to the breach.