Technology
Medical patient info exposed in major cannabis dispensary data breach
Tens of thousands of cannabis users’ personal data has been exposed, including information belonging to medical marijuana patients, due to a breach of a sales system used throughout the industry.
Internet privacy researchers at discovered the data breach in THSuite, a cannabis point-of-sales system. The exposed data was discovered in a completely unsecured and unencrypted Amazon S3 bucket owned by the company.
The data was first discovered on Christmas Eve of 2019. vpnMentor’s researchers, led by Noam Rotem and Ran Locar, contacted THSuite soon after. The exposed database was finally closed on Jan. 14 of this year.
The THSuite data breach affects multiple marijuana dispensaries across the United States. In all, vpnMentor reports that more than 85,000 files were leaked in the data breach, which includes more than 30,000 sensitive records containing personally identifiable information.
The type of information in this leaked database is very concerning, especially as it pertains to patient medical history in some cases. Personal data found among the records include: full name, date of birth, phone number, email, street address, patient name and medical ID number, cannabis variety and quantity purchased, total transaction cost, date received, and more.
Photographs of scanned government and employee IDs were also discovered in the breach.
According to vpnMentor, its researchers verified records belonging to three different marijuana dispensaries: AmediCanna Dispensary, a medical marijuana dispensary located in Maryland, Bloom Medicinals, a medical marijuana dispensary with multiple locations throughout Ohio, and recreational dispensary Colorado Grow Company.
The privacy researchers note in their report, however, that the breach is far-reaching and affected more dispensaries than the specific ones listed. In fact, the vpnMentor report states that there’s a possibility that all of THSuite’s clients and its customers were affected.
The report notes that the data makes the affected parties susceptible to scams and sophisticated phishing attacks. It also points out that the breach could result in fines for the dispensaries due to the possible violations under HIPAA regulations.
-
Entertainment7 days ago
‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
-
Entertainment6 days ago
When will we have 2024 election results online?
-
Entertainment5 days ago
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
-
Entertainment6 days ago
Social media drives toxic fandom. Is there a solution?
-
Entertainment5 days ago
Is ‘The Substance’ streaming? How to watch at home
-
Entertainment5 days ago
M4 MacBook Pro vs. M3 MacBook Pro: What are the differences?
-
Entertainment3 days ago
Menendez brothers case reignites online: The questions that keep resurfacing
-
Entertainment4 days ago
‘A Real Pain’ review: Jesse Eisenberg and Kieran Culkin charm as odd-couple cousins