News broke yesterday that over 11,000 people had their personally identifiable information breached after a State of Nevada medical marijuana database was hacked. Application information was compromised, including applicants’ name, social security number, race, address, and citizenship information. The State of Nevada has come out saying that no patient information was part of the breach. Per the Reno Gazette Journal:
In a statement sent Wednesday evening, the state said it was investigating a “cyber-attack” on its Medical Marijuana Program database that affected medical marijuana agent cards, disclosing the Social Security numbers and other identifiable information for employees and owners of medical marijuana establishments. The state said no private medical marijuana patient information was disclosed.
“The entire portal has been taken down,” said Cody Phinney, division administrator, in a prepared statement. “To prevent further breaches, the Division’s IT staff are working with state IT staff, investigating the breach. We appreciate everyone’s patience during this difficult time. As more information is known, the public will be notified.”
This incident in Nevada highlights the growing need for information security in the marijuana world. If it can happen to a government agency, it can happen to anyone in the industry. The marijuana industry, both on the business and regulation sides, collects a tremendous amount of data, including personally identifiable information that identity thieves can use to cause a lot of harm. That information needs to be protected at all times.
A lot of industry members are quick to pour money into making their building look nice, or gladly spend their money on billboards touting their company around town. Industry business owners are much less likely to put sufficient money into information security, and for many industry members, information security is not even on their radar. Physical security like surveillance cameras are fresh on the brain, but computer security not so much. As a result, I expect to see more data breaches come out of the marijuana world. These companies and government entities need to hire my buddy Jay!