Marijuana Business Daily has learned that Canadian marijuana producer Aurora Cannabis has been the victim of a data breach that has exposed the personal date of former and current workers.
MJBizDaily has seen an email that was sent to a victim of the data breach and cites a Dec. 25 “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud software) SharePoint and OneDrive.”
The victim was a former Aurora employee who was laid off in February 2020 alongside hundreds of others and had not been notified of the breach until late in the evening of Dec. 31.
The source said the time with Aurora was “an experience that I think a lot of people want to forget.” They added that “getting a reminder on the last day of 2020, just hours to go before 2020 ended, was just a bit of a kick to the face.”
The former employee has said that three current Aurora workers and five other former staffers had their information also exposed. According to the employee who spoke to the workers, each person had different data compromised in the breach, including credit card information, government identification, home addresses and banking details.
Aurora spokeswoman Michelle Lefler has said that the company “was subject to a cybersecurity incident” on Christmas that affected both current and former employees.
“The company immediately took steps to mitigate the incident, is actively consulting with security experts and cooperating with authorities,” Lefler wrote.
“Aurora’s patient systems were not compromised, and the company’s network of operations is unaffected.”
Aurora has not provided the specific number of Aurora employees whose data was exposed.
“I can confirm we are following all security protocols, are working with privacy councils and law enforcement and have communicated directly with any impacted current or former employee,” wrote Lefler.