Stiiizy Data Breach: Customer IDs Exposed in Hack

Stiiizy Confirms Customer Data Breach

The Los Angeles cannabis company, Stiiizy, has officially acknowledged a significant data breach. Sensitive customer information was compromised during a cyberattack that occurred in November.

Details of the Security Incident

Stiiizy received notification from its point-of-sale vendor regarding the unauthorized access. An “organized cybercrime group” successfully infiltrated data systems at several of its retail locations.

According to a notice filed with the California Attorney General, the data breach impacted information processed through the vendor between October 10th and November 10th, 2024.

Types of Data Compromised

The stolen data encompassed a wide range of personally identifiable information. This included copies of customer driver’s licenses and passports.

Furthermore, medical cannabis cards were also accessed by the attackers. Customer names, addresses, dates of birth, and transaction details were also part of the compromised data.

Scope of the Breach

Stiiizy currently operates 39 stores nationwide. While the exact number of affected customers remains undisclosed, the incident impacted four retail locations within California.

The company has not yet responded to inquiries from TechCrunch regarding the scale of the breach.

Ransomware Attack Claims

Although Stiiizy has not publicly detailed the nature of the attack, cybersecurity firm Halcyon AI reported a ransomware incident in November.

Halcyon AI identified the Everest ransomware group as taking responsibility for the cyberattack. They claim to have stolen data pertaining to over 420,000 Stiiizy customers.

Ransom Demands and Data Publication

The Everest group asserts that it published the stolen data on a dark web leak site after Stiiizy failed to meet their ransom demands. TechCrunch has verified the existence of this published data.

The compromised information included personal identification documents, according to the ransomware group’s claims.