Public Broadcasting Massachusetts reports
Thousands of employees in the Massachusetts cannabis industry received an official email last week about a major data breach: the name, home and email address, phone number and date of birth of every cannabis worker in the state had been made public in an “inadvertent release of agency documents” by the state’s own Cannabis Control Commission.
Along with the names and personal information, the dataset included a list of former employees and the specific reasons they were no longer associated with the marijuana company, including alleged violations of company policy.
The state email provided little context for the leak, sparking panic and confusion across online message boards and the local cannabis community. Cannabis workers say they didn’t know what the breach meant for their safety. They also didn’t know that the leak leads back to an investigation into a Russian oligarch and a Belmont-based blogger now hiding in a safe house.
Grant Smith Ellis has been writing about weed since 2017, primarily through an online blog with 25 paid subscribers. Earlier this month, he published a blog post that included internal communications between state commission members discussing an ongoing investigation into alleged financial ties between Massachusetts-based cannabis company Curaleaf and Roman Abramovich, a sanctioned Russian oligarch and confidante of Vladimir Putin.
In response to a public records request, Smith Ellis received the internal communications and a trove of other confidential information — some 17,000 rows of cannabis employees’ personal data — due to an error made by the commission. The personal data never went public and his blog post only published details relating to the internal communications between commissioners regarding the Curaleaf investigation.
Two days later, Smith Ellis got an urgent call from officials at the commission, the state’s 100-person cannabis regulatory agency, asking him to remove parts of the post due to “safety concerns.”
“The tone was panic and terror,” Smith Ellis told GBH News. “They asked me to take the story down due to safety concerns … they basically said that leaving this information up could put people at risk.”
Read full report. https://www.wgbh.org/news/local-news/2023/03/22/cannabis-regulators-putting-out-a-series-of-fires-involving-a-russian-oligarch-and-data-breach