in

Data leak on cannabis dispensary payment system left personal details more than 30,00 exposed

Data leak on cannabis dispensary payment system left the personal details of tens of thousands of marijuana users exposed including names, medical IDs, and their purchase history

  • Researchers found a data breach in THSuite, a cannabis point-of-sales system
  • They found personal information for more than 30,000 individuals in the bucket
  • The data showed names, medical ID, home addresses, last purchase and more
  • IT was found on Christmas Even of 2019 and closed January 14 of this year 

Personal information of more than 30,000 marijuana users was exposed in an unsecure data base on the web, it has emerged.

Privacy researchers discovered a data breach in THSuite, a cannabis point-of-sales system, which held information of medical marijuana patients and scanned government and employee IDs. 

The personal data included customer’s full names, date of birth, phone numbers, emails, street addresses, medical ID number, type of preferred cannabis, quantity purchases and more, according to Mashable.   

The records were found to be from three different dispensaries: AmediCanna Dispensary, a medical marijuana dispensary located in Maryland, Bloom Medicinals, a medical marijuana dispensary with multiple locations throughout Ohio and recreational dispensary Colorado Grow Company.

The leaked Amazon S3 bucket was first discovered on December 24, 2019 by vpnMentor’s experts and was closed January 14th of this year. 

Scroll down for video 

Privacy researchers discovered a data breach in THSuite, a cannabis point-of-sales system, which held information of medical marijuana patients and scanned government and employee IDs

Privacy researchers discovered a data breach in THSuite, a cannabis point-of-sales system, which held information of medical marijuana patients and scanned government and employee IDs

‘Cannabis dispensaries have to collect large quantities of sensitive information in order to comply with state laws,’ vpnMentor shared in a blog post about the leaked bucket.

‘The THSuite platform is designed to simplify this process for dispensary operators by automatically integrating with each state’s API traceability system.’

‘As a consequence of this, the platform has access to a lot of private data related to dispensaries and their customers.’

The team discovered the unsecure bucket while conducted a large-scale web mapping project.

The personal data included customer’s full names, date of birth, phone numbers, emails, street addresses, medical ID number, type of preferred cannabis, quantity purchases and more

The personal data included customer’s full names, date of birth, phone numbers, emails, street addresses, medical ID number, type of preferred cannabis, quantity purchases and more

The records were found to be from three different dispensaries: AmediCanna Dispensary, a medical marijuana dispensary located in Maryland, Bloom Medicinals, a medical marijuana dispensary with multiple locations throughout Ohio and recreational dispensary Colorado Grow Company

The records were found to be from three different dispensaries: AmediCanna Dispensary, a medical marijuana dispensary located in Maryland, Bloom Medicinals, a medical marijuana dispensary with multiple locations throughout Ohio and recreational dispensary Colorado Grow Company

It was spotted on Christmas Eve 2019 and owners of the information were notified to days later.

On January 7th, Amazon was informed about the breach, then two weeks later the bucket was closed.  

Researchers warn that the breach leaves customers exposed to phishing attacks and hackers could use the information commit identity theft.

Not only are the consumers at risk, but the dispensaries involved could face consequences because of the possible Health Insurance Portability and Accountability Act (HIPAA) violation.

Under HIPAA regulations, it’s a federal crime in the US for any health services provider to expose protected health information (PHI) that could be used to identify an individual. HIPAA violations can result in fines of up to $50,000 for every exposed record, or even in jail time.

‘At the very least, THSuite should investigate to find out how this data breach occurred and implement new security procedures to make sure something like this never happens again,’ vpnMentor explained.

‘In the future, we also recommend that you thoroughly vet any third party services you hire to make sure they follow best practices and have multiple security measures in place to protect your sensitive data.’

WHAT IS CANNABIS AND WHAT ARE THE PROS AND CONS?

Cannabis is an illegal Class B drug in the UK, meaning possession could result in a five year prison sentence and those who supply the drug face up to 14 years in jail.

However, the drug is widely used for recreational purposes and can make users feel relaxed and happy. 

But smoking it can also lead to feelings of panic, anxiety or paranoia.

Scientific studies have shown the drug can alleviate depression, anxiety and stress, but heavy use may worsen depression in the long term by reducing the brain’s ability to let go of bad memories.

It can also contribute to mental health problems among people who already have them, or increase users’ risk of psychosis or schizophrenia, according to research.

Marijuana can be prescribed for medical uses in more than half of US states, where it is used to combat anxiety, aggression and sleeping problems. Researchers are also looking into whether it could help people with autism,eczema or psoriasis.

Cannabis oil containing the psychoactive chemical THC, which is illegal in the UK, is claimed to have cancer-fighting properties, and one 52 year-old woman from Coventry says she recovered from terminal bowel and stomach cancer by taking the drug.

 

Source link

Leave a Reply

Plane crash survivor: ‘I don’t get to take my scars off and forget about them’ | UK News

The Duke and Duchess of Sussex ‘will pay for their own security’