X
Nevada officials investigate cyberattack on marijuana program database
Nevada officials are investigating a cyberattack on the state’s medical marijuana program database after the personal information of thousands of people was leaked online Wednesday, the state confirmed in a news release.
Social Security numbers, dates of birth, addresses and even driver’s license information for people who applied for a medical marijuana dispensary license, as well as for their employees, were made public on the internet and discovered Wednesday, according to the news release from the Nevada Division of Public and Behavioral Health.
Several technology news sites, including The Daily Dot, reported that nearly 12,000 full, unredacted applications were available online through a simple Google search.
After becoming aware of the breach, the state closed the medical marijuana establishment portal for the second time this month. The portal houses those documents, as well as medical marijuana cardholder information.
“The entire portal has been taken down,” Division of Public and Behavioral Health Administrator Cody Phinney said in a news release Wednesday afternoon.
“To prevent further breaches, the Division’s IT staff are working with state IT staff, investigating the breach. We appreciate everyone’s patience during this difficult time. As more information is known, the public will be notified.”
The state said the breach did not include the information for medical marijuana cardholders and said that information is “considered to be secure.”
According to the news release, the state referred the breach to law enforcement for further investigation.
The division first shut down the portal on Dec. 8, saying it found “some vulnerabilities” in the system. The division restored it on Dec. 15, saying the vulnerabilities had been corrected and that the information in the portal had not been compromised.
The division also is notifying three major credit reporting agencies — Equifax, Experian and TransUnion — about the breach and encourages anyone whose information may have been compromised to contact the agencies.
Contact Colton Lochhead at clochhead@reviewjournal.com or 702-383-4638. Follow @ColtonLochhead on Twitter.