Aurora

​A hacker is selling the data stolen from cannabis giant Aurora Cannabis after breaching their systems on Christmas day.

Aurora Cannabis is a Canadian cannabis producer listed on both the Toronto Stock Exchange and the New York Stock Exchange. The company operates numerous cannabis-related medical and consumer brands, including MedRelease, CanniMed, Whistler Medical Marijuana Corp., San Rafael, Daily Special, and Woodstock.

Marijuana Business Daily reported that former and current employees received data breach notifications from Aurora Cannabis after the company suffered a cyberattack on December 25th, 2020.

The data breach notifications describe what data was stolen in the attack, with each employee reporting different compromised data.

“He said each person reported different data compromised in the breach, including credit card information, government identification, home addresses and banking details,” MBD reported.

Hacker selling stolen data for one bitcoin

Today, the hacker behind the Aurora Cannabis attack began selling the stolen data on a hacker forum for one bitcoin, approximately 39,000 at today’s prices. As part of the post to promote the sale, the threat actor leaked images of eleven files stolen during the attack.

Hacker forum post selling Aurora Cannabis data
Hacker forum post selling Aurora Cannabis data

The samples of stolen data included images of passports, checks, driver licenses, and business documents.

Image of check stolen during the data breach
Image of check stolen during the data breach
Sensitive information redacted by BleepingComputer

In an interview with the hacker, BleepingComputer was told that Aurora Cannabis was breached on December 25th after the threat actor hacked into their network.

The threat actor claims to have stolen 50GB of data, including customers’ and employees’ personal information.

After stealing the data, the hacker states they contacted Aurora Cannabis to ransom the data back to them, but “all them ignore this breach.”

The threat actor claims that they still have access to Aurora’s network. When asked if Aurora knows that they continue to have access, BleepingComputer was told, “i send mail but i think all employs ignored me.”

BleepingComputer has contacted Aurora Cannabis about the attack but did not receive a response.