Popular Los Angeles-based cannabis brand Stiiizy has confirmed that hackers accessed reams of sensitive customer data, including government-issued documents and medical cannabis cards, during a November cyberattack.In a data breach notice filed with Californias attorney general this week, Stiiizy said it was notified by its point-of-sale processing vendor that an organized cybercrime group had compromised the data from some of its retail locations.In a letter sent to affected customers, Stiiizy confirmed that the hackers acquired customer data processed from the unnamed vendor between October 10 and November 10, 2024.Stiiizy said the stolen information included information on customers drivers licenses, passports, and medical cannabis cards. Hackers also accessed customer names, addresses, dates of birth, transaction data, and other unspecified personal information.Stiiizy, which operates 39 stores across the United States, has not yet said how many of its customers were affected but said the incident affected four of its retail locations in California. Stiiizy did not respond to TechCrunchs questions.Stiiizy hasnt confirmed or described the nature of the incident, but Texas-based cybersecurity startup Halcyon AI said in a November blog post that the cannabis operator had been the target of a ransomware attack.The Everest ransomware group claimed credit for the cyberattack, according to Halcyon, which said the gang had stolen the personal information, including identification documents, of more than 420,000 Stiiizy customers.In a post on its dark web leak site, which TechCrunch has seen, Everest claims to have published the data stolen from Stiiizy after the company ignored its ransom demands.Topics