Unnamed Partner Data Breach (2024)

"Dear members of the STIIIZY community: Stiiizy, Inc. ("STIIIZY") values the trust you place in us and takes the privacy and security of your information very seriously. Unfortunately, we are writing to inform you about an incident potentially affecting certain of your personal information processed by one of STIIIZY's vendors. Please review this communication to learn what happened and the steps that you can take to protect yourself against identity fraud. What Happened? On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group. An investigation conducted by the vendor revealed that personal information relating to certain STIIIZY customers processed by the vendor was acquired by the threat actors on or around October 10, 2024 - November 10, 2024. Upon receiving notice of the incident, we launched our own investigation to assess the extent of the impact. We have determined that certain of our customers' personal information and documents was acquired by the threat actors. We have been working closely with the vendor and our legal counsel to address the situation, including to determine the cause of the incident. This notification was not delayed by law enforcement. What Information Was Involved? Based on our initial investigation, the incident only impacted consumer profiles associated with the following STIIIZY locations: STIIIZY Union Square: 180 O'Farrell Street, San Francisco, CA STIIIZY Mission: 3326 Mission Street, San Francisco, CA STIIIZY Alameda: 1528 Webster St., Alameda, CA STIIIZY Modesto: 426 McHenry Ave., Modesto, CA The incident impacted information contained on government-issued identification cards, including drivers' licenses and medical cannabis cards, as well as information related to transactions with our dispensaries. The categories of information compromised include name, address, date of birth, age, drivers' license number, passport number, photograph, the signatures appearing on a government ID card, medical cannabis cards, transaction histories, and other personal information. Not all of this information was affected for each impacted individual."