Article by Ahmed Sagan, Lightllife
Thousands of medical marijuana agent applications for people looking to run a dispensary were exposed online, according to a statement from the Nevada Division of Public Behavioral Health.
In a statement sent Wednesday evening, the state said it was investigating a “cyber-attack” on its Medical Marijuana Program database that affected medical marijuana agent cards, disclosing the Social Security numbers and other identifiable information for employees and owners of medical marijuana establishments. The state said no private medical marijuana patient information was disclosed.
“The entire portal has been taken down,” said Cody Phinney, division administrator, in a prepared statement. “To prevent further breaches, the Division’s IT staff are working with state IT staff, investigating the breach. We appreciate everyone’s patience during this difficult time. As more information is known, the public will be notified.”
Earlier Wednesday, a story published by ZD Net broke the news that more than 11,700 applications — which also contain an the applicant’s name, race, home address and citizenship — were exposed online. ZD Net editor Zack Whittaker on Wednesday reported that security researcher Justin Shafer discovered the flaw in the state’s website.
It is unclear how long the information was available, whether anyone besides Shafer had access to it and how far back the information goes. The Reno Gazette-Journal has reached out to Shafer for comment.