Info on Nevada dispensary applicants exposed

A security researcher discovered this week that the personal information of more than 11,000 medical marijuana dispensary applicants in Nevada could be accessed online, a revelation that caused the state to shut down its online MMJ portal.

ZDNet first reported Wednesday that a bug in the state’s medical cannabis website allowed anyone with the right web address to access an applicant’s full name, home address, Social Security number, citizenship and physical details.

The news site said Justin Shafer, a security researcher, discovered the problem. It’s not clear if other people accessed the data.

On Wednesday evening, the Nevada Division of Public Behavioral Health acknowledged the issue, saying it is investigating a possible cyber attack on its database.

“The entire portal has been taken down,” Cody Phinney, an official with the public health division, said in a release. “To prevent further breaches, the division’s IT staff are working with state IT staff, investigating the breach.”

Nevada legalized medical marijuana back in 2000 but didn’t set up a regulated industry until 2015. It’s not evident how far back the data leak goes.

Daily News | Briefs | Dispensary/Retail Store Business News | Legal & Regulatory News for Marijuana Businesses | Nevada Medical Cannabis Business & Marijuana Legal News


  1. CDC December 30, 2016
  2. Michelle December 31, 2016
    • Andrew January 4, 2017

Leave a Reply

Your email address will not be published. Required fields are marked *

Please note: Comments are moderated by our editors who do their best to approve comments ASAP. As Marijuana Business Daily is focused on business, we approve comments that are specifically relevant to industry professionals. General opinions and questions about cannabis may not be posted.