MJ Freeway reveals theft of client data in 2016 cyberattack

Get realistic market forecasts, state-by-state insights and benchmarks with the 2024 MJBiz Factbook member program, now with quarterly updates. Make informed decisions.


MJ Freeway has notified its clients that some of their business information was stolen “on or about” Nov. 19, 2016.

The theft came to light during the Denver-based software company’s investigation of a cyberattack it suffered in January 2017.

MJ Freeway enlisted the help of the Colorado Bureau of Investigation to attempt to track down who was behind that attack.

The January hack preceded multiple outages involving MJ Freeway’s Tracker point-of-sale system this past fall.

The outages forced marijuana retailers nationwide to log transactions by hand and, in some cases, to even close temporarily at the cost of thousands of dollars.

According to MJ Freeway, data stolen during the November 2016 hack included birthdates and contact information for businesses and patients.

The company said the theft did not include “financially sensitive data” such as Social Security numbers or credit or debit card numbers.

“To the best of our knowledge,” MJ Freeway wrote in its notification, “this data has not been made publicly available for sale.”