We’re all aware of the constant dramas MJ Freeway and other providers have had in the US. Now in Ontario the story repeats itself.
File under whoa, dude. The Ontario Cannabis Store (OCS) has become the first pot vendor to get the breach disclosure munchies since Canada legalized the sale of weed. Bad puns to one side, this is serious stuff. The OCS has contacted some 4,500 customers after a supply chain data breach resulted in buyer addresses being offered for sale on the dark web. The breach itself happened on November 1st when the delivery tracking resource of Canada Post, used by the store to ship cannabis orders, was apparently compromised. In a statement, a spokesperson for the OCS says that it has “worked closely with Canada Post to identify the cause of this issue and to prevent any further unauthorized access to customer delivery information.”
Information that has been offered for sale on dark markets include the usual delivery tracking details of postal codes, purchase reference numbers, Canada Post tracking numbers, date of delivery and the names of whoever signed for the package. The latter is important, as it’s not necessarily going to be the same as the name of the customer and could just be limited to initials. Customer names were not, as far as I’m aware at this stage, part of the dataset that was compromised. Nor, seeing as this was just delivery tracking data we are talking about, was any payment information accessed.
Anyone who has ordered cannabis from the OCS and is concerned about their address data getting into the wrong hands, and let’s face it this is the kind of information that could pot-entially (sorry, couldn’t resist) be used for extortion purposes, should already have been contacted by email. The OCS also says that if no email has been received then those customers were not affected by the breach.