Cannabis Brand Stiiizy Warns of Customer Data Breach

The incident impacted customer data at four of the company's dispensaries.

Screenshot 2025 01 09 At 11 19 10 Am
Stiiizy

Cannabis brand Stiiizy said that on November 20, 2024, it was notified by a vendor of point-of-sale processing services for some of its retail locations that accounts with their organization had been compromised by an organized cybercrime group.

An investigation conducted by the vendor revealed that personal information relating to certain Stiiizy customers processed by the vendor was acquired by the threat actors on or around October 10, 2024 - November 10, 2024.

"Upon receiving notice of the incident, we launched our own investigation to assess the extent of the impact. We have determined that certain of our customers' personal information and documents was acquired by the threat actors. We have been working closely with the vendor and our legal counsel to address the situation, including to determine the cause of the incident. This notification was not delayed by law enforcement," the company said in a news release.

Stiiizy said based on its initial investigation, the incident impacted consumer profiles associated with the following locations:

  • STIIIZY Union Square: 180 O'Farrell Street, San Francisco, CA 
  • STIIIZY Mission: 3326 Mission Street, San Francisco, CA 
  • STIIIZY Alameda: 1528 Webster St., Alameda, CA 
  • STIIIZY Modesto: 426 McHenry Ave., Modesto, CA

The incident impacted information contained on government-issued identification cards, including drivers' licenses and medical cannabis cards, as well as information related to transactions with Stiiizy's dispensaries. The categories of information compromised include name, address, date of birth, age, drivers' license number, passport number, photograph, the signatures appearing on a government ID card, medical cannabis cards, transaction histories, and other personal information. Not all of this information was affected for each impacted individual.

Stiiizy said it has implemented additional security measures designed to prevent a recurrence of such an attack and to protect the privacy of Stiiizy's valued customers, Additionally, it's providing affected individuals with free credit monitoring services.

Beyond that, Stiiizy is encouraging customers to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports for suspicious or unauthorized activity.

More in News