The Complete Dispensary Cybersecurity Hardening Guide: Protect Your Business Before You're the Next Stiiizy
420,000+ customer records exposed. Passports leaked. Purchase histories published. Don't let this happen to you.
The Wake-Up Call: Stiiizy Breach (January 2025)
On January 10, 2025, Stiiizy—one of the largest cannabis brands in California—confirmed a devastating data breach.
The Everest ransomware gang stole data from over 420,000 customers, including:
- Driver's licenses
- Passport numbers
- Medical cannabis cards
- Customer photographs
- Transaction histories
- Names, addresses, dates of birth
The attackers didn't even bother with encryption. They simply stole the data and demanded payment. When Stiiizy refused, everything was published on the dark web.
How did it happen?
A third-party point-of-sale (POS) vendor was compromised. Hackers exploited vulnerabilities in the vendor's systems between October 10 and November 10, 2024—a full month of access before anyone noticed.
The fallout:
- 380,000+ breach notification letters sent
- 12 months of free credit monitoring offered
- Regulatory investigations
- Class action lawsuits pending
- Permanent reputational damage
This is the reality of cannabis cybersecurity in 2025.
And if you think "it won't happen to us"—you're exactly the type of target attackers love.
Why Dispensaries Are Prime Targets
1. You Handle Massive Amounts of Sensitive Data
Every customer who walks through your door provides:
- Government-issued ID (driver's license, passport)
- Medical information (for medical programs)
- Purchase history (what they bought, how much, when)
- Payment information (even in a cash-heavy business, many customers use debit)
- Photographs (ID scans)
- Personal contact information (loyalty programs)
This is a goldmine for criminals.
Stolen cannabis customer data can be used for:
- Identity theft
- Financial fraud
- Blackmail (cannabis use is still stigmatized in many contexts)
- Targeted phishing scams
- Prescription drug fraud (medical cards)