Washington state marijuana traceability glitches stem from MJ Freeway hack

Did you miss the webinar “Women Leaders in Cannabis: Shattering the Grass Ceiling?” Head to MJBiz YouTube to watch it now!

A hack of MJ Freeway’s seed-to-sale tracking system led to Washington state’s recent problems with its marijuana traceability program, regulators told licensed marijuana businesses on Thursday.

Peter Antolin, deputy director of the Washington State Liquor and Control Board, wrote in a letter to business owners – including cultivators, processors and retailers – that a “computer vulnerability” in MJ Freeway’s Leaf Data tracking system took place Feb. 3.

“An intruder downloaded a copy of the traceability database and took action that caused issues with inventory transfers for some users,” according to the letter.

The regulator blames the hack – and theft of some cannabis companies’ information – for the inability of the state’s cannabis producers/processors to make transfers to retailers Feb. 1-3.

MJ Freeway discovered the “transfer abnormality” on Feb. 3 and determined two days later there was a “potential security incident,” the state said.

The Denver-based software company was asked Wednesday by Marijuana Business Daily about the issues with Washington state’s traceability system, but a spokeswoman did not mention the security breach.

According to the state, the stolen information doesn’t include personally identifiable data like names or social security numbers.

But the “intruder” accessed route information of manifests filed Feb. 1-4 and transporter vehicle information, including license plate numbers and VIN numbers.

“Because there is no personally identifiable information, there is nothing that licensees need to do at this time,” according to the letter.

MJ Freeway was awarded the Washington state account in June 2017, and Leaf Data was scheduled to be up and running Oct. 31, 2017.

However, Leaf Data was not functioning by then, and the state was forced to implement a stopgap traceability system.

MJ Freeway is no stranger to cyberattacks, having experience several system breaches in 2017 and as far back as 2016.