California’s beloved cannabis giant STIIIZY just got hacked, and the fallout is massive. Hackers made off with a treasure chest of customer data—including government IDs, transaction histories, and personal details—after breaching the company’s point-of-sale (POS) vendor. If you thought your cannabis purchases were private, think again.
The breach occurred between October 10 and November 10, 2024, but STIIIZY didn’t get the memo until November 20, courtesy of its compromised vendor. Four Northern California locations were hit: Union Square and Mission in San Francisco, Alameda, and Modesto. For customers of these stores, this wasn’t just a breach; it was an open door for cybercriminals to rifle through your digital wallet.
What did the hackers snag? The list is jaw-dropping. Names, addresses, birthdates, and even scans of driver’s licenses, passports, medical cannabis cards, and signatures. And let’s not forget the transaction histories that provide a detailed map of your buying habits. For some customers, this breach feels like being left naked in the digital wild.
STIIIZY’s response? A year of free credit monitoring and promises of beefed-up security. They’ve set up a hotline (833-799-4284) to guide customers through the aftermath. But for many, the damage is already done. The hackers, linked to the Everest Ransomware group, have reportedly stolen data from over 422,000 customers. They’ve flaunted their haul online, complete with screenshots of IDs, customer profiles, and sensitive company documents.
This isn’t Everest’s first rodeo. The group, active since 2020, has a nasty reputation for double-extortion attacks—stealing data and encrypting company files—and selling access to corporate networks. Cannabis might be their latest target, but Everest has been wreaking havoc across industries, even setting its sights on the healthcare sector in recent months.
For the cannabis community, this breach is a wake-up call. The industry’s rapid growth has made it a prime target for cybercriminals, and the lack of robust digital defenses is glaring. If cannabis operators don’t take cybersecurity seriously, breaches like this won’t just be a rarity—they’ll be the norm.
And let’s talk about the risks to customers. With your ID details and transaction histories in the hands of criminals, phishing attacks and identity theft are just the start. Experts recommend monitoring credit reports for suspicious activity and being hyper-vigilant with emails or messages that seem off.
This breach also highlights a deeper concern: the stigma around cannabis. For many, cannabis use is a personal choice—one they’d rather keep private. The exposure of such sensitive information adds an extra layer of violation, particularly for those in areas where cannabis use is still taboo.
STIIIZY’s breach isn’t just a data loss; it’s a gut punch to consumer trust in an industry still fighting for legitimacy. As the cannabis market continues to thrive, operators must prioritize compliance, quality, and digital security. The stakes are too high, and the cost of inaction is steep.
For now, customers are left to pick up the pieces and hope this is a turning point for the industry. Let’s face it: when your cannabis purchase turns into a cybersecurity nightmare, something has to change.
© 2025 Pot Culture Magazine. All rights reserved. This content is the exclusive property of Pot Culture Magazine and may not be reproduced, distributed, or transmitted in any form or by any means without prior written permission from the publisher, except for brief quotations in critical reviews.
Discover more from POT CULTURE MAGAZINE
Subscribe to get the latest posts sent to your email.
Leave a comment