Cannabis operator Stiiizy says customer records acquired during data breach

Help shape our annual “Diversity in Cannabis” special report by filling out our business survey here!


Los Angeles-based cannabis operator Stiiizy said this week that a cybercrime group accessed some retail customer data when its point-of-sale vendor experienced a security breach around Oct. 10-Nov. 10, 2024.

Identifying details included on government-issued ID cards – such as name, address, birthdate and signature – were accessed during the breach, though Stiiizy said not all data was shared about every customer.

Retail transaction data also was disclosed.

The breach impacted customer data associated with four Stiiizy retail locations in California:

  • Stiiizy Alameda: 1528 Webster St., Alameda
  • Stiiizy Mission: 3326 Mission St., San Francisco
  • Stiiizy Modesto: 426 McHenry Ave., Modesto
  • Stiiizy Union Square: 180 O’Farrell St., San Francisco

Ben Taylor, executive director of the Virginia-based Cannabis Information Sharing & Analysis Organization, warned cannabis operators in late November that Everest Ransomware group, a criminal syndicate, was targeting the marijuana industry.

Stiiizy is offering customers impacted by the data breach free credit monitoring through TransUnion for 12 months.

While Stiiizy is best-known for its marijuana vape products, it has 10 cultivation sites in California, five manufacturing locations, 35 retail stores and seven distribution sites.

The company is preparing to open 17 additional stores in California, according to its website.

Stiiizy officials did not immediately respond to MJBizDaily requests for comment.