Nevada disables online medical pot portal after data exposed
December 29, 2016
LAS VEGAS — Nevada officials took down the state's online medical marijuana portal after personal information about marijuana industry workers was exposed.
The state Division of Public and Behavioral Health said it learned on Wednesday that information about people who applied for medical marijuana agent cards was publicly available online. That included Social Security numbers and dates of birth.
"The entire portal has been taken down," division chief Cody Phinney said in a statement. "To prevent further breaches, the Division's IT staff are working with state IT staff, investigating the breach. We appreciate everyone's patience during this difficult time."
On Thursday, links to online state portals for patients and marijuana businesses led to a message apologizing that the system was temporarily down.
A Dallas man said he discovered the data while he was doing a Google search on Tuesday to see if any government websites had mistakenly posted Social Security numbers.
"I skimmed it looking for anyone's actual social in the Google result because if you see that, that's a good indication something's public where that person wouldn't want it to be public," said Justin Shafer, according to KLAS-TV.
The applications that were accessible on a search included personal information such as home addresses, height, weight and driver's license numbers. Shafer said he believes that more than 11,700 applications were disclosed in the breach.
Officials said private information about medical marijuana patients appears to still be secure. The division is contacting the people affected and three major credit reporting agencies.
Division officials referred to the incident as a cyberattack on Wednesday and said the incident has been referred to law enforcement. Asked Thursday whether they believe the data was exposed in an intentional act or by accident, a division spokeswoman said the matter was part of an ongoing investigation.