LOS ANGELES, Jan. 8, 2025 /PRNewswire/ —

Dear members of the STIIIZY community: 

Stiiizy, Inc. (“STIIIZY”) values the trust you place in us and takes the privacy and security of your information very seriously. Unfortunately, we are writing to inform you about an incident potentially affecting certain of your personal information processed by one of STIIIZY’s vendors.  Please review this communication to learn what happened and the steps that you can take to protect yourself against identity fraud.

What Happened?

On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group. An investigation conducted by the vendor revealed that personal information relating to certain STIIIZY customers processed by the vendor was acquired by the threat actors on or around October 10, 2024 – November 10, 2024. Upon receiving notice of the incident, we launched our own investigation to assess the extent of the impact. We have determined that certain of our customers’ personal information and documents was acquired by the threat actors. We have been working closely with the vendor and our legal counsel to address the situation, including to determine the cause of the incident. This notification was not delayed by law enforcement.

What Information Was Involved?

Based on our initial investigation, the incident only impacted consumer profiles associated with the following STIIIZY locations:

STIIIZY Union Square: 180 O’Farrell Street, San Francisco, CA
 STIIIZY Mission: 3326 Mission Street, San Francisco, CA
 STIIIZY Alameda: 1528 Webster St., Alameda, CA
 STIIIZY Modesto: 426 McHenry Ave., Modesto, CA

The incident impacted information contained on government-issued identification cards, including drivers’ licenses and medical cannabis cards, as well as information related to transactions with our dispensaries. The categories of information compromised include name, address, date of birth, age, drivers’ license number, passport number, photograph, the signatures appearing on a government ID card, medical cannabis cards, transaction histories, and other personal information. Not all of this information was affected for each impacted individual.

What We Are Doing

STIIIZY values your privacy and deeply regrets that this incident occurred. STIIIZY has implemented additional security measures designed to prevent a recurrence of such an attack and to protect the privacy of STIIIZY’s valued customers, Additionally, we are providing affected individuals with free credit monitoring services, as described more fully below.

What You Can Do

STIIIZY encourages you to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports for suspicious or unauthorized activity. Additionally, security experts suggest individuals to contact their financial institution and major credit bureaus to inform them of such a breach and take whatever steps are recommended to protect your interests, including the possible placement of a fraud alert on credit files.

Individuals who have received a notification or who believe they might be impacted by this incident may contact STIIIZY’s dedicated assistance line at 833-799-4284 between the hours of 8:00 a.m. to 8:00 p.m. Eastern time, Monday through Friday, excluding holidays.

As a precautionary measure, and to assist you in protecting yourself against identity theft, STIIIZY has arranged to make available to impacted individuals Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services at no charge. These services provide you with alerts for 12 months from the date of enrollment when changes occur to your credit file.  This notification is sent to you the same day that the change or update takes place with the bureau. Finally, we are providing you with proactive fraud assistance to help with any questions that you might have or in event that you become a victim of fraud. These services will be provided by Cyberscout, a TransUnion company specializing in fraud assistance and remediation services. 

To enroll in credit monitoring services at no charge, please follow the instructions provided on https://www.stiiizy.com/pages/notice-of-data-breach.

In the meantime, we encourage you to take the following steps to further protect your information:

Closely monitor your financial account and promptly contact your financial institution if you notice any unusual activity.

Report incidents of suspected identity theft to your local law enforcement, the Federal Trade Commission, and your state attorney general. To file a complaint with the FTC, go to IdentityTheft.gov or call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, which is a database made available to law enforcement agencies.  Information on how to contact your state attorney general may be found at www.naag.org/naag/attorneys-general/whos-my-ag.php.
 Take advantage of additional free resources on identity theft. We recommend that you review the tips provided by the Federal Trade Commission’s Consumer Information website, a valuable resource with some helpful tips on how to protect your information. Additional information is available at https://www.consumer.ftc.gov/topics/privacy-identity-online-security.
 
For more information, please visit IdentityTheft.gov or call 1-877-ID-THEFT (877-438-4338). A copy of Identity Theft – A Recovery Plan, a comprehensive guide from the FTC to help you guard against and deal with identity theft, can be found on the FTC’s website at https://www.consumer.ftc.gov/articles/pdf-0009_identitytheft_a_recovery_plan.pdf.
  Monitor your free credit reports. You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting https://www.annualcreditreport.com, by calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348.
 Place a security freeze on your credit files by calling each of the three credit reporting agencies (Equifax, Experian, and TransUnion). Freezing credit files will prevent someone from using your personal information to open new accounts or borrow money in your name. Please understand that when you place the freeze, you will not be able to borrow money, obtain instant credit, or get a new credit card unless you temporarily or permanently remove the freeze.
 Contact the three credit reporting agencies to notify them of this incident, receive credit alerts, or freeze your credit file. Contact information for the three agencies is provided below:

For More Information

We understand that this incident may cause concern, and we are committed to providing you with the support you need. For more information, please visit our FAQ page at https://www.stiiizy.com/pages/incident-faq. If you have questions, please call our dedicated call center at 833-799-4284 between the hours of 8:00 a.m. to 8:00 p.m. Eastern time, Monday through Friday, excluding holidays.

We sincerely regret any inconvenience or concern this incident may cause. Protecting your information is our top priority, and we remain committed to maintaining your trust.

Sincerely,

STIIIZY, Inc.

ADDITIONAL IMPORTANT INFORMATION

More information can also be obtained by contacting the Federal Trade Commission: Federal Trade Commission – Consumer Response Center: 600 Pennsylvania Ave, NW, Washington, DC 20580; 1-877- IDTHEFT (438-4338); www.identitytheft.gov

For residents of Hawaii, Michigan, Missouri, North Carolina, Vermont, Virginia, and Wyoming: You are advised to remain vigilant for incidents of fraud and identity theft by reviewing credit card account statements and monitoring your credit report for unauthorized activity.

For residents of Colorado, Illinois, Iowa, Maryland, Missouri, New Mexico, North Carolina, Oregon, and West Virginia: You may obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account. You may obtain a free copy of your credit report from each of the three nationwide credit reporting agencies. To order your free credit report, please visit www.annualcreditreport.com, or call toll-free at 1-877-322-8228. You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available at https://www.consumer.ftc.gov/articles/0155-free-credit-reports) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281.

For residents of Iowa: You are advised to report any suspected identity theft to law enforcement or to the Attorney General.

For residents of New Mexico: You are advised to review personal account statements and credit reports, as applicable, to detect errors resulting from the security breach. You have rights under the federal Fair Credit Reporting Act (FCRA), which governs the collection and use of information pertaining to you by consumer reporting agencies. For more information about your rights under the FCRA, please visit https://www.consumer.ftc.gov/sites/default/files/articles/pdf/pdf-0096-fair-credit-reporting-act.pdf or www.ftc.gov.

For residents of Massachusetts: You have the right to obtain a police report filed in regard to this incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.

For residents of Oregon: You are advised to report any suspected identity theft to law enforcement, including the Attorney General, and the Federal Trade Commission.

For residents of Rhode Island: You have the right to file or obtain a police report in regard to this incident.

For residents of Arizona, Colorado, District of Columbia, Illinois, Maryland, New York, North Carolina, and Rhode Island: You can obtain information from the offices of your state Attorney General and the Federal Trade Commission about fraud alerts, security freezes, and steps you can take toward preventing identity theft.

Federal Trade Commission – Consumer Response Center: 600 Pennsylvania Ave, NW, Washington, DC 20580; 1-877- IDTHEFT (438-4338); www.identitytheft.gov

Arizona Office of the Attorney General Consumer Protection & Advocacy Section: 2005 North Central Avenue, Phoenix, AZ 85004 1-602-542-5025

Colorado Office of the Attorney General Consumer Protection: 1300 Broadway, 9th Floor, Denver, CO 80203 1-720- 508-6000 www.coag.gov

District of Columbia Office of the Attorney General – Office of Consumer Protection: 400 6th Street, NW, Washington, DC 20001; 202-727-3400; www.oag.dc.gov

Illinois office of the Attorney General: 100 West Randolph Street, Chicago, IL 60601; 1-866-999-5630; www.illinoisattorneygeneral.gov

Maryland Office of the Attorney General – Consumer Protection Division: 200 St. Paul Place, 16th floor, Baltimore, MD 21202; 1- 888-743-0023; www.oag.state.md.us

New York Office of Attorney General – Consumer Frauds & Protection: The Capitol, Albany, NY 12224; 1-800-771-7755; https://ag.ny.gov/consumer-frauds/identity-theft

North Carolina Office of the Attorney General – Consumer Protection Division: 9001 Mail Service Center, Raleigh, NC 27699; 1- 877-566-7226; www.ncdoj.com

Rhode Island Office of the Attorney General – Consumer Protection: 150 South Main St., Providence RI 02903; 1-401-274-4400; www.riag.ri.gov     

View original content to download multimedia:https://www.prnewswire.com/news-releases/notice-of-data-breach-302346471.html

SOURCE STIIIZY, Inc.