Fashionable Los Angeles-based hashish model Stiiizy has confirmed that hackers accessed a considerable amount of delicate buyer knowledge, together with government-issued paperwork and medical hashish playing cards, throughout a cyberattack in November.
In a knowledge breach discover Appeared earlier than California’s legal professional common this week, Stiiizy mentioned his point-of-sale processing supplier notified him that an “organized cybercrime group” had compromised knowledge at a few of his retail shops.
In a letter despatched to affected prospects, Stiiizy confirmed that hackers acquired buyer knowledge processed by the nameless vendor between October 10 and November 10, 2024.
Stiiizy mentioned the stolen data included details about prospects’ driver’s licenses, passports and medical hashish playing cards. The hackers additionally accessed buyer names, addresses, dates of delivery, transaction knowledge, and different unspecified private data.
Stiiizy, which operates 39 shops throughout the US, has not but mentioned what number of of its prospects had been affected, however mentioned the incident affected 4 of its retail shops in California. Stiiizy didn’t reply to questions from TechCrunch.
Stiiizy has not confirmed or described the character of the incident, however Texas-based cybersecurity startup Halcyon AI mentioned in a November weblog publish that the hashish operator had been the goal of a ransomware assault.
The Everest ransomware group took credit score for the cyberattack, in line with Halcyon, which mentioned the gang had stolen private data, together with identification paperwork, from greater than 420,000 Stiiizy prospects.
In a publish on its darkish internet leak web site, which TechCrunch has seen, Everest claims to have printed Stiiizy’s stolen knowledge after the corporate “ignored” its ransom calls for.
