Cannabis operator Stiiizy says customer records acquired during data breach

Los Angeles-based marijuana operator Stiiizy announced this week that a cybercrime group accessed some retail customer data when its point-of-sale vendor experienced a security breach around Oct. 10-Nov. 10, 2024.

Identifying details included on government-issued ID cards – such as name, address, date of birth and signature – were accessed during the breach, though Stiiizy said not all data was shared about every customer.

Retail transaction data also was disclosed.

The breach impacted customer data associated with four Stiiizy retail locations in California:

• Stiiizy Alameda: 1528 Webster St., Alameda
• Stiiizy Mission: 3326 Mission St., San Francisco
• Stiiizy Modesto: 426 McHenry Ave., Modesto
• Stiiizy Union Square: 180 O’Farrell St., San Francisco

Ben Taylor, executive director of Cannabis Information Sharing & Analysis Organization, in late November that Everest Ransomware group, a criminal syndicate, was targeting the marijuana industry.

Stiiizy is offering customers impacted by the data breach free credit monitoring through TransUnion for 12 months.

While Stiiizy is best-known for its marijuana vape products, it has 10 cultivation sites in California, five manufacturing locations, 35 retail stores and seven distribution sites.

The company is preparing to open 17 additional retail stores in California, according to its website.

MJBizDaily contacted media representatives for Stiiizy and will update this story with comments.