Skip to main content
Managed ITCybersecurityPrivate CloudTechnology BundleAboutBreach ReportsFAQContact
Breach Reports

Real breaches. Real lessons.
Don't be next.

Cannabis cybersecurity incidents from 2020–2026. Each report highlights what happened, how it happened, and what your operation should learn from it.

STIIIZY — Everest Ransomware Attack

📅 January 2025👤 422,000 customers⚠️ Ransomware / POS Vendor

The Everest ransomware gang compromised a POS processing vendor, exfiltrating data over 30 days before detection. Exposed: names, driver's licenses, passports, medical cannabis cards, and full purchase histories. STIIIZY refused to pay ransom. Data was leaked publicly. A federal class action lawsuit followed.

What this means for you: Your POS vendor is an extension of your security perimeter. Vet their security posture. Demand incident notification SLAs. And have your own detection capabilities — don't rely on vendors to tell you they've been breached.

Ohio Marijuana Card — Unsecured Database

📅 July 2025👤 957,434 records (323 GB)⚠️ Misconfiguration

An unsecured database exposed SSNs, medical intake forms, physician certifications, and mental health evaluations — the largest cannabis data exposure ever discovered. No encryption. No access controls. Just an open database on the internet.

What this means for you: Medical cannabis data carries HIPAA-adjacent obligations. If you store patient information, it must be encrypted at rest and in transit with proper access controls. Period.

THSuite — Exposed S3 Bucket

📅 January 2020👤 30,000+ customers, 85,000 files⚠️ Cloud Misconfiguration

A seed-to-sale tracking platform left an Amazon S3 bucket publicly accessible. Exposed data included government IDs, purchase histories, and personal information from dispensaries across multiple states.

What this means for you: Cloud misconfigurations are the #1 cause of data leaks. Your compliance tracking data — the backbone of your license — needs private, controlled infrastructure, not a misconfigured public cloud bucket.

MJ Freeway — Dual Hacks

📅 2016–2018👤 1,000+ dispensaries across 23 states⚠️ Source Code Theft / System Compromise

The seed-to-sale tracking platform was hacked twice. Source code was posted publicly. Operations for over 1,000 dispensaries across 23 states were disrupted. The company eventually rebranded.

What this means for you: Software vendors your operation depends on can fail catastrophically. You need contingency plans, backup procedures, and the ability to operate if your critical systems go offline.

MariMed — Business Email Compromise

📅 2023💰 $650,000 stolen⚠️ BEC / Wire Fraud

A business email compromise attack intercepted communications and redirected $650,000 in wire transfers. No technical hack required — just social engineering.

What this means for you: Email compromise costs cannabis businesses real money. MFA on all accounts, email filtering, anti-impersonation rules, and wire transfer verification procedures are non-negotiable.

How would your operation handle a breach?

Book a free cybersecurity assessment. We'll identify your exposure and build a defense plan — before attackers find the gaps first.

Book Free Assessment →