Technology
Medical patient info exposed in major cannabis dispensary data breach
Tens of thousands of cannabis users’ personal data has been exposed, including information belonging to medical marijuana patients, due to a breach of a sales system used throughout the industry.
Internet privacy researchers at discovered the data breach in THSuite, a cannabis point-of-sales system. The exposed data was discovered in a completely unsecured and unencrypted Amazon S3 bucket owned by the company.
The data was first discovered on Christmas Eve of 2019. vpnMentor’s researchers, led by Noam Rotem and Ran Locar, contacted THSuite soon after. The exposed database was finally closed on Jan. 14 of this year.
The THSuite data breach affects multiple marijuana dispensaries across the United States. In all, vpnMentor reports that more than 85,000 files were leaked in the data breach, which includes more than 30,000 sensitive records containing personally identifiable information.
The type of information in this leaked database is very concerning, especially as it pertains to patient medical history in some cases. Personal data found among the records include: full name, date of birth, phone number, email, street address, patient name and medical ID number, cannabis variety and quantity purchased, total transaction cost, date received, and more.
Photographs of scanned government and employee IDs were also discovered in the breach.
According to vpnMentor, its researchers verified records belonging to three different marijuana dispensaries: AmediCanna Dispensary, a medical marijuana dispensary located in Maryland, Bloom Medicinals, a medical marijuana dispensary with multiple locations throughout Ohio, and recreational dispensary Colorado Grow Company.
The privacy researchers note in their report, however, that the breach is far-reaching and affected more dispensaries than the specific ones listed. In fact, the vpnMentor report states that there’s a possibility that all of THSuite’s clients and its customers were affected.
The report notes that the data makes the affected parties susceptible to scams and sophisticated phishing attacks. It also points out that the breach could result in fines for the dispensaries due to the possible violations under HIPAA regulations.
-
Entertainment6 days ago
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment4 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment3 days ago
A24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days ago
New teen video-viewing guidelines: What you should know
-
Entertainment2 days ago
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
-
Entertainment2 days ago
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more