The Boston Globe reports that hackers early last week took down the servers of MJ Freeway, a system that tracks marijuana sales and inventory, and helps dispensaries prepare regulatory paperwork. The company says no customer or patient information was stolen during the attack, but large amounts of data was corrupted. The recovery process has been slow, and at least some customers are abandoning the company.
With their sales systems down, dispensaries have spent the last week struggling to keep things flowing smoothly. One medical nonprofit, New England Treatment Access (NETA), notified clients in the days after the attack that sales would be slower than usual because staff would have to execute them manually. Other outlets, according to Marijuana Business Daily, were forced to close temporarily.
According to a video statement issued yesterday by MJ Freeway CEO Amy Poinsett, the attack took out both MJ Freeway’s production and backup servers, in what she described as an “unprecedented malicious attack.” While the damage from the attack was severe, Poinsett said “much is reparable.”
The recovery process appears to have been agonizing, requiring one-on-one work with clients to recover data and migrate to new infrastructure. Poinsett admits in her statement that “it’s taking more time than we’d like it to,” and some of MJ Freeway’s customers have run out of patience. In a more recent update posted to their website, NETA says that “Our staff has been working night and day with [MJ Freeway] to get us back online, but to no avail. Therefore, we have decided to transition to a new system.”
An MJ Freeway spokesperson told the Globe last week that the attack was specifically targeted at MJ Freeway, which is based in Denver. The company reports that it has received no ransom demands, suggesting that the attack could have been personally or politically motivated.
MJ Freeway, which serves more than 1,000 clients, is one of the most prominent startups providing technical infrastructure for the booming legal marijuana industry. In a 2015 Bloomberg profile, the company’s services were described as something like SAP or Oracle for weed, with features like automatic sales reports, staff scheduling, and crop data tracking.
There is currently no information on possible culprits in the attack.