Personal data from thousands of people vying to work in Nevada‘s medical marijuana industry were leaked due to a glitch in the state’s website, which has now been taken offline until security can be restored.
The bug exposed the full 8-page application from nearly 12,000 applicants to anyone with the right web address, according to ZDnet, a tech blog run by CBS news.
The applications included the person’s full name, social security number, home address, citizenship, height, weight, race, eye and hair color.
It is believed that only those applying to become industry workers, not patients, had their data compromised.
The state Department of Health and Human Services, which oversees the medical marijuana program, said they would be notifying those affected within the next few days, in line with state law.
Nevada voters authorized medical marijuana in 2000, but dispensaries weren’t included at the time. In 2013, state lawmakers passed legislation allowing dispensaries, with the first dispensaries opening in 2015.
Tags: cybersecurity, Nevada, Nevada medical marijuana, Nevada medical marijuana dispensaries