A security researcher discovered this week that the personal information of more than 11,000 medical marijuana dispensary applicants in Nevada could be accessed online, a revelation that caused the state to shut down its online MMJ portal.
The news site said Justin Shafer, a security researcher, discovered the problem. It’s not clear if other people accessed the data.
On Wednesday evening, the Nevada Division of Public Behavioral Health acknowledged the issue, saying it is investigating a possible cyberattack on its database.
“The entire portal has been taken down,” Cody Phinney, an official with the public health division, said in a release. “To prevent further breaches, the division’s IT staff are working with state IT staff, investigating the breach.”
Nevada legalized medical marijuana back in 2000 but didn’t set up a regulated industry until 2015. It’s not evident how far back the data leak goes.