- Los Angeles hashish retailer Stiizy recordsdata new report with the California Lawyer Normal
- Report discusses a November 2024 cyber-incident, which researchers are saying it was a ransomware assault
- Hundreds of shoppers could possibly be affected by the breach
Stiiizy, a preferred Los Angeles-based hashish firm, confirmed struggling a cyberattack in late 2024 during which it misplaced loads of delicate buyer info.
In a brand new submitting with the California Workplace of the Lawyer Normal, the corporate supplied a breach notification letter being despatched out to affected clients. In it, it stated {that a} point-of-sale processing providers vendor for a few of its retail areas notified it about a few of their accounts being compromised by an “organized cybercrime group.”
The hashish supplier didn’t focus on the attackers, their identities, or their motives. Nevertheless, citing cybersecurity researchers, TechCrunch reported a ransomware operator known as Everest was behind this assault.
Names and images
Stiiizy didn’t say how many individuals had been affected by the incident, however it did say what knowledge was taken: full names, postal addresses, start dates, age, drivers’ license numbers, passport numbers, images, signatures (as showing on authorities ID playing cards), medical hashish playing cards, transaction historical past, and extra. That’s sufficient info for customized phishing assaults, identification theft, and extra.
The notification was despatched on November 20, and a subsequent investigation uncovered that the breach occurred on October 10, and more than likely lasted till November 10. The investigation additionally uncovered that 4 areas had been focused: two in San Francisco, one in Alameda, and one in Modesto.
Everest has allegedly claimed accountability for this assault and said that it affected greater than 420,000 clients – though it’s maybe price mentioning the quantity “420” is commonly talked about within the context of marijuana: April 20 is an unofficial marijuana vacation, as properly. Everest additionally added it determined to leak the info after Stiiizy determined to not pay the ransom calls for.
As of Might 2024, Stiiizy operated 34 retail shops in California and three in Michigan, and its merchandise can be found in a number of US states, together with California, Washington, Nevada, Michigan, Illinois, and Arizona.
By way of TechCrunch