A flaw in the state's website portal exposed data.
A flaw in the state's website portal exposed data.

Employee information was compromised after the web portal of a medical marijuana facility in Nevada was hit by a breach.

The state's Division of Public Behavioral Health (DPBH) said it is investigating a compromise of its Medical Marijuana Program database, according to KTVN's 2news

The Nevada State Medical Marijuana Program learned of the incursion on Dec. 28, which exposed application information of individuals with medical marijuana agent cards, such as employees and owners of medical marijuana establishments. The data included Social Security numbers and dates of birth. Private patient information was believed not to be affected.

The flaw in the state's website portal, which made the data accessible on the site, was detected by a security researcher.

“The entire portal has been taken down,” said Cody Phinney, an administrator at DPBH. “To prevent further breaches, the Division's IT staff are working with state IT staff, investigating the breach." He added that further information will be shared when known.

DPBH has begun notifying those affected and advising they contact the three credit reporting agencies. As well, the incident is being investigated by area law enforcement.