Personal data of nearly 12k Nevada medical marijuana applicants leaked

29 Dec, 2016 00:07 / Updated 8 years ago

Nevada’s path to legalizing cannabis is off to a rocky start after a glitch in the state’s Medical Marijuana Program portal revealed the personal information of nearly 12,000 dispensary applicants. The website will be offline until it is fixed.

Nevada may have legalized recreational marijuana use, but that doesn’t mean the state has made it easy for dispensaries. Vulnerability in their application portal on a government website resulted in 11,700 eight-page applications being available to anyone on the internet. Victims of the leak had their Social Security number, driver's license number and full address exposed.

The issue was first noticed by security researcher Justin Shafer who notified at least one dispensary of the issue via email, according to CSO, International Data Group's chief security officers publication.

A spokesperson for the Nevada Department of Health and Human Services (DHHS) told ZDNet that the leaked applications only represented a “portion” of one of multiple databases. In addition, DHHS has taken the website offline until the vulnerability is fixed.

At least one dispensary confirmed to ZDNet that the application information leaked was not just highly sensitive but also accurate. The Nevada state government will notify affected applicants over the next few days.