Image via Pxfuel
Not Cool

30,000 Marijuana Buyers’ Personal Info Exposed in Data Breach

byKristin Houser
1. 24. 20
Image via Pxfuel

The unsecured database even contained scans of users' photo IDs.

Data Discovered

A team of data privacy researchers discovered a major breach in a platform used by multiple marijuana dispensaries in the United States to manage sales.

According to the researchers’ report, the breach allowed them to access information about more than 30,000 buyers, including scans of government-issued photo IDs and details about the amount and types of cannabis products customers purchased.

Open and Shut

On Wednesday, VPN review website vpnMentor published a blog post detailing its discovery of the data breach.

The site’s researchers reportedly found an unsecured storage database owned by THSuite, a company that makes point-of-sale software for cannabis dispensaries, on December 24, 2019. They contacted THSuite about the database on December 26, and by January 14, 2020, the breach was closed.


Privacy Violated

According to vpnMentor’s report, the database contained 85,000 files, including personally identifiable information about more than 30,000 dispensary customers and employees.

In spot checks of the data, the researchers found links to three U.S. marijuana dispensaries — two of which strictly sell medical marijuana — though it wrote in the blog post that the breach affected many more.

“This raises serious privacy concerns,” vpnMentor wrote. “Medical patients have a legal right to keep their medical information private.”

READ MORE: Data Breach Exposes Personal Details of Over 30,000 U.S. Cannabis Users [Newsweek]


More on marijuana: Newly Discovered Weed Compound Is 30 Times More Potent Than THC

Care about supporting clean energy adoption? Find out how much money (and planet!) you could save by switching to solar power at By signing up through this link, may receive a small commission.

Share This Article

Copyright ©, Camden Media Inc All Rights Reserved. See our User Agreement, Privacy Policy and Data Use Policy. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with prior written permission of Futurism. Fonts by Typekit and Monotype.