Cannabis delivery startup Eaze confirms theft of some user data from service provider

An anonymous source tipped off Crunchbase News that Eaze, the Series B-stage cannabis delivery startup with over $24 million in venture funding, has experienced a security incident.

Some of its user data may have been stolen by a former employee of Don Davidson, MD, a medical service provider that provides patient consultations and medical cannabis recommendations (the equivalent of a prescription) over the phone and video chat.

DonDavidsonMD.com made the disclosure on its user forum:

On Monday, June 26, 2017, Don Davidson MD offices detected unauthorized access by a former employee to patient data in our electronic medical records system. Patients who have received medical consultations through DonDavidsonMD.com or EazeMD may have had limited medical information compromised; name, phone number and patient notes.

We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to assess the full extent of the impact.

Eaze’s head of PR, Sheena Shiravi, has confirmed the incident. In an email replying to Crunchbase News‘s inquiry about the incident, she said that “The office’s [Don Davidson MD’s] access to the platform was immediately revoked,” and emphasized “[w]e have no evidence to suggest that Eaze’s systems were compromised.”

According to a source with close knowledge of the situation, the stolen user data is being held for ransom. The source suggests the person or persons who stole such data are asking for $70 million for it. Don Davidson MD’s office and Eaze are still determining the scale of the theft. When asked to confirm what we’ve heard about the ransom, Shiravi stated: “We’re still in the process of verifying all the facts. We’re considering this a very serious matter and are addressing it as appropriate.”

Crunchbase News will update the story as new details emerge.