Washington State Cannabis Tracking System Hacked

Washington state’s new cannabis-tracking system was hacked the weekend of Feb. 3, according to the Washington State Liquor and Cannabis Board (WSLCB). Among other information, the hacker stole route information associated with four days of marijuana deliveries.

• By Jessica Davis
• Feb 12, 2018

Washington state’s new cannabis-tracking system was hacked the weekend of Feb. 3, according to the Washington State Liquor and Cannabis Board (WSLCB). Among other information, the hacker stole route information associated with four days of marijuana deliveries.

Washington state requires the tracking of marijuana products from when it’s planted to when it’s sold to a pot user, allowing regulators to watch for suspicious movement of plants or products. The state’s traceability system, Leaf Data, was breached on Feb. 3.

“A computer vulnerability was exploited on Saturday, allowing unauthorized access to the traceability system,” according to WSLCB Deputy Director Peter Antolin. “There are indications an intruder downloaded a copy of the traceability database and took action that caused issues with inventory transfers for some users. We believe this was the root cause of the transfer/manifest issue experienced between Saturday and Monday.”

According to Antolin, the information downloaded did not contain personally identifiable information and, except for the manifest data, most data captured by the intruder was already public.

Manifest data includes detailed information on where cannabis products in the legal market are, where they’re from, and where they’re going, as well as transporter vehicle descriptions and license plate numbers. That data could potentially be used to intercept shipments or even rob drivers of cash and cannabis products.

Leaf Data developers MJ Freeway discovered problems associated with the hack on Feb. 3 and notified WSLCB on Monday. On Thursday, all marijuana licensees were notified and the WSLCB contacted the Washington State Office of CyberSecurity, which is investigating the hack.

According to WSLCB, it and MJ Freeway “continue to implement several strategies to prevent future vulnerabilities,” but because the investigation is ongoing, “details on security are not publicly available.”