A data breach at Aurora Cannabis has exposed the personal information of an unknown number of the Canadian company’s current and former employees, Marijuana Business Daily has learned.
An email sent to a victim of the data breach cites a Dec. 25 “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud software) SharePoint and OneDrive.” The email was shared with MJBizDaily.
The victim, a former Aurora employee who was laid off in February, wasn’t notified of the breach until late in the evening of Dec. 31.
Aurora spokeswoman Michelle Lefler confirmed that the company “was subject to a cybersecurity incident” on Christmas that affected both current and former employees, although she did not confirm what kinds of personal information were exposed.
“The company immediately took steps to mitigate the incident, is actively consulting with security experts and cooperating with authorities,” Lefler wrote in a statement.
“Aurora’s patient systems were not compromised, and the company’s network of operations is unaffected.”
Aurora’s properties include the Massachusetts hemp company Reliva, which it bought for $40 million in a May stock deal.