MJ Freeway: Full recovery from software outage could take weeks

Just Released! Get realistic market forecasts, state-by-state insights and benchmarks with the new 2024 MJBiz Factbook member program, now with quarterly updates. Make informed decisions.

MJ Freeway said Monday it could take two or three weeks to fully restore service to dispensaries and recreational marijuana stores after an alleged cyberattack knocked out the company’s software platform over the weekend.

The Denver-based firm – which provides software that helps businesses manage inventory, handle sales transactions and comply with regulations – initially expected to have all of its 1,000-plus customers in 23 marijuana states fully up and running on the system again by Tuesday.

But an MJ Freeway executive said Monday afternoon it will take anywhere from 24 to 72 hours for customers to get access to “operational sites” that will allow businesses to handle sales transactions, though they won’t be able to pull up historical transaction logs.

It could take two or three weeks for the company to restore full service, including historical data, for some cannabis retailers, said Jeannette Ward, director of data and marketing for MJ Freeway.

“It’s unfortunate for clients, for sure, but at least it gives them a system to operate in, versus paper, which is what they’re doing right now,” Ward said.

Many dispensaries and stores closed as a result of the outage, while others switched to a manual process of recording sales transactions.

Ward added that the attack and the resulting damage are far worse than originally thought.

“What we hoped (to) resolve with some scripts is turning out to be a manual process of re-creating clients’ historical data from those redundant backups,”  she said. “So while (Sunday) things were looking good that we would be able to restore clients within the next 24-48 hours, that’s going to take longer.”

Ward said there is no evidence currently that any medical cannabis patient data or business data was decrypted or compromised and that all signs still point to a cyberattack causing the crash.

“We don’t know yet exactly who or what the motivation was (for the attack),” Ward said, adding that the company “will definitely pursue a criminal investigation.”