Marijuana shops across the country, including seven medical dispensaries in Massachusetts, are being affected by the apparent hack of a sales and inventory system widely used in the cannabis industry.
Two medical marijuana dispensaries in the state suggested patients delay their appointments until the system was back up or a fix is in place.
MJ Freeway, a Denver company whose “seed-to-sale” tracking software is used by hundreds of marijuana companies to comply with state regulations, said its main servers and backup system each went down Sunday morning and remained offline as of Monday afternoon.
New England Treatment Access, a medical dispensary with locations in Brookline and Northampton, was among the shops affected by the hack. A message on its website said transactions would take longer than usual at both locations because staffers would need to “conduct certain sales functions manually.” It asked patients to delay their visits if possible.
The Alternative Therapies Group, which operates a dispensary in Salem, posted a similar message on its website.
The software is a major tool for marijuana dispensaries, which use it to ring up sales to customers, track inventory, prepare required reports to state regulators and other business functions.
A spokeswoman for MJ Freeway said the outage, first reported by the industry publication Marijuana Business Daily, was the work of unknown hackers.
“It was a cyber-attack, and it was targeted at us specifically,” said Jeannette Ward, MJ Freeway’s executive director of data and marketing, in an interview Monday. “We are going full-force with a forensic investigation, and we’ll turn over the results to criminal investigators as needed.”
Ward said encryption prevented the hackers from reading data about MJ Freeway’s retail clients, which include five nonprofits in charge of seven medical dispensaries in Massachusetts, or those shops’ patients and customers. But the attackers did succeed in corrupting, or garbling, the data and making it unusable. The company has not received a demand for ransom or any other communication from the alleged hackers, she added.
The firm is now calling its retail clients one by one to help them switch over to an alternative system while it manually rebuilds its database of client information from various redundant backups.Dan Adams can be reached at firstname.lastname@example.org. Follow him on Twitter @Dan_Adams86.