Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information.
STIIIZY is a California-based cannabis brand known for its pod-based vaporizers and a variety of cannabis products, including flower, edibles, THC concentrates, and extracts.
In a data breach notification published earlier this week, STIIIZY says it first learned of the data breach on November 20, when it was notified by its POS vendor.
“On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group,” reads the data breach notification published on STIIIZY’s website.
“An investigation conducted by the vendor revealed that personal information relating to certain STIIIZY customers processed by the vendor was acquired by the threat actors on or around October 10, 2024 – November 10, 2024.”
As part of the breach, the threat actors stole a variety of sensitive customer information, including driver’s license information, passport numbers, photographs, and transaction histories.
“The incident impacted information contained on government-issued identification cards, including drivers’ licenses and medical cannabis cards, as well as information related to transactions with our dispensaries,” warns the company.
“The categories of information compromised include name, address, date of birth, age, drivers’ license number, passport number, photograph, the signatures appearing on a government ID card, medical cannabis cards, transaction histories, and other personal information. Not all of this information was affected for each impacted individual.”
STIIIZY says its investigation indicates that the breach only affected customers who made purchases at the following stores:
- STIIIZY Union Square: 180 O’Farrell Street, San Francisco, CA
- STIIIZY Mission: 3326 Mission Street, San Francisco, CA
- STIIIZY Alameda: 1528 Webster St., Alameda, CA
- STIIIZY Modesto: 426 McHenry Ave., Modesto, CA
The company says it has implemented additional security measures to protect customer data and will offer free credit monitoring services to those impacted.
Due to the sensitive nature of the stolen data, impacted customers are also advised to monitor their credit history for fraudulent accounts opened under their name and to be on the lookout for targeted phishing attacks.
While STIIIZY has not shared any details on the vendor and how the data was stolen, a ransomware gang known as “Everest” claimed in November to have breached the company and stolen the personal data and IDs of 422,075 customers.
BleepingComputer contacted STIIIZY with further questions about the breach and will update this story if we hear back.
[Image: Everest ransomware claimed attack. Source: BleepingComputer]
The Everest gang also shared screenshots of the allegedly stolen data, which included scans of driver’s licenses, customer profiles, medical marijuana cards, and company documents.
The Everest ransomware operation launched in 2020 and has had an interesting progression of malicious activity.
When first launched, the group primarily breached corporate networks to steal data and extort victims on its data leak site.
Over time, the threat actors introduced ransomware into their attacks to not only steal data but also encrypt the company’s files in double-extortion attacks.
The threat actors are also known for acting as initial access brokers, selling access to corporate networks to other threat actors to perform their own attacks.
In August, the U.S. Department of Health and Human Services warned that the Everest ransomware gang was increasingly targeting the healthcare industry.