An information breach in November uncovered the IDs and passports of people that purchased merchandise from STIIIZY, a big marijuana dispensary in California.
The corporate printed a breach discover on its web site and filed paperwork with regulators in California warning anybody who purchased merchandise from their shops in San Francisco, Alameda and Modesto that their information might have been impacted.
STIIIZY, which was based in 2017 and sells a wide range of cannabis-related merchandise, didn’t reply to requests for remark about how many individuals had been affected. However the discover on the corporate’s web site says the breach uncovered drivers’ license numbers, passport numbers, pictures, medical hashish playing cards and different biographical data like names, ages and addresses.
The assault additionally uncovered transaction histories and different private data, STIIIZY stated.
The corporate defined that they had been notified on November 20 by a point-of-sale processing providers vendor that a few of their retail places had been compromised “by an organized cybercrime group.”
“An investigation carried out by the seller revealed that non-public data regarding sure STIIIZY clients processed by the seller was acquired by the risk actors on or round October 10, 2024 – November 10, 2024,” the corporate stated.
An investigation carried out by the corporate confirmed that buyer data was leaked. Some clients are being supplied free credit score monitoring providers for an undisclosed period of time.
The assault was claimed in November by the Everest cybercrime gang, which stated it stole 422,075 private information. It set a ransom deadline of December 8 and it’s unclear if the corporate paid the undisclosed ransom.
Ransomware professional Jon Miller, CEO of cybersecurity agency Halcyon, stated Everest is understood for merely extorting its victims reasonably than launching ransomware and encrypting sufferer recordsdata.
“Their operations goal organizations throughout numerous industries, together with healthcare, authorities, and important infrastructure, leveraging weak credentials, unpatched vulnerabilities, and phishing assaults to realize unauthorized entry and transfer laterally inside networks,” he stated.
“Everest is especially expert at avoiding detection through the use of encrypted communication channels and safe strategies to obscure their actions.”
Recorded Future
Intelligence Cloud.
Be taught extra.
