“Stiiz-Gate: The High-Stakes Data Breach That’s Really Harshing Everyone’s Mellow”

If you thought your biggest worry while puffing away on a lemon-scented vape pen was whether you’d smell like a fruit salad, think again. Prepare yourself for one of California’s more creatively named cannabis companies—STIIIZY—to flip the script from “chill and vibey” to “Oops, we lost your passport.” Yes, ladies and gentlemen, please keep your arms and legs inside the ride at all times: STIIIZY has apparently gotten itself well and truly bamboozled by a data breach.

Now, forgive me for finding a wee bit of irony here: One might assume a brand infamous for semi-clandestine cannabis products might also be, you know, quite good at stealth. But on November 20, 2024, STIIIZY announced they’d discovered a few uninvited digital guests rummaging around their point-of-sale vendor’s systems—an “organized cybercrime group” (i.e., a bunch of keyboard-wielding miscreants who thrive on misery and Red Bull). It turns out these cunning thieves had been swiping vital tidbits like names, birth dates, drivers’ license numbers, signatures, and even pictures—which will now serve as cherished mementos for these criminals’ holiday scrapbook collection, presumably labeled “Potential Identity Thefts: 2024 Edition.”

And it’s not just any old store that’s impacted. Oh no. If you visited STIIIZY Union Square, Mission, Alameda, or Modesto in that big October 10–November 10 window, you might want to check if your identity’s now gallivanting around with a brand-spanking-new timeshare in Bermuda. We’re talking everything from your address (the real one, not the Post-it note scribble from your wallet) to your medical cannabis card—because what could be more fun than explaining to your bank that no, you aren’t the one ordering 1,700 bubble-wrapped avocados to be shipped to a location in Outer Mongolia?

Of course, STIIIZY is trying to set our hearts at ease by saying they’ve “beefed up security,” which we can all interpret to mean, “We’re so sorry we messed up, but please know we’ve now stuffed a few more locks on the door.” They’re even offering free credit monitoring to impacted folks—because in these modern times, “Oops, we spilled your ID in the digital gutter!” is apparently best remedied by politely offering you a subscription to watch your own credit rating get whacked like a piñata.

Meanwhile, a bunch of scallywags known as “Everest” proudly boasted about all this on their data-leak website, showcasing screenshots of driver’s licenses and medical marijuana cards, as if they’d just set up a lemonade stand for stolen credentials. You might say that Everest’s approach to brand-building is quite different from STIIIZY’s. STIIIZY enjoys crafting cannabis-lifestyle products; Everest enjoys demonstrating that you should never leave valuables on your computer’s metaphorical passenger seat with the windows rolled down.

So if you’re one of the 422,075 unlucky folks potentially stuck in this fiasco, keep a watchful eye on your credit, your spam inbox, and, I don’t know, maybe your cat’s social security number while you’re at it—just to be safe. Also, be ready for the possibility that someone out there has your photo and might be trying to pass themselves off as you (though, in a cosmic sense, it’s kind of flattering to have an imposter, isn’t it?).

In conclusion: If you’re a STIIIZY fan, my condolences on this unwelcome development. Perhaps next time, in addition to your ID, wear a Groucho Marx disguise in case cybercriminals get curious. Because in this wacky, wonderful digital age, the only thing higher than your cannabis-induced euphoria should be your cybersecurity measures—right, STIIIZY?