Cannabis software firm MJ Freeway says its retail clients will see primary services restored during the next few days following what the Denver-based company is calling a “targeted” hack of its servers over the weekend. But a full recovery, including the restoration of historical client data, could take weeks.
“Clients were operational, the first of them, yesterday,” Jeannette Ward, the company’s director of data and marketing, told Leafly on Tuesday. The firm has been working with cannabis businesses to verify their identities and issue them new websites and passwords, she said. “The last clients will be brought online to that tomorrow.”
“No patient, consumer, or client data was ever extracted or viewed. The forensic analysis proves that.”
Jeannette Ward, MJ Freeway
“The site has all the necessary functionality that they had before,” Ward continued. “What will take time is reconstructing historical data” from backups, a process she likened to piecing together a jigsaw puzzle. “We are working literally around the clock to bring them back as quickly as possible.”
Cannabis retailers across the country were forced to either close their doors or find manual workarounds as the result of the outage, which MJ Freeway announced via social media on Sunday. The company counts hundreds of cannabis retailers as clients, with more than a thousand locations using its inventory and point-of-sale services.
In an interview with Marijuana Business Daily, which first reported on the incident, Ward said the disruption was caused by a “direct attack” on the company’s infrastructure.
No client data was stolen in the alleged attack, the company has emphasized. Ward told Leafly that the apparent goal was not to take MJ Freeway’s data but to corrupt it, rendering it unusable. “No patient, consumer, or client data was ever extracted or viewed,” she said. “The forensic analysis proves that. The data was encrypted—so it couldn’t have been viewed—and it was never extracted, so nobody has it and could attempt decryption.”
The company’s website is also down as the result of the incident, although email servers and phones are working. “We have been communicating with clients inbound and outbound,” Ward said.
If the company has an idea of who’s behind the attack, it’s not saying so just yet. A third-party security firm is still in the process of conducting a forensic analysis. “We have forensic analysis that proves what actions the attackers took,” Ward said. “We are learning things. While we do have new information, we are not sharing that because we will likely work with criminal authorities.”
MJ Freeway is among a growing group of seed-to-sale tracking systems that help cannabis businesses track product, comply with state legal regulations, and manage day-to-day operations. While it serves clients in dozens of states, it’s especially common in Colorado, California, and Arizona.
Most affected dispensaries are now operating, Ward said. “You can expect some of the dispensaries to wait a little longer, and we apologize for that inconvenience not only to the dispensaries but to their patients, as well.”
MJ Freeway, like most online services, has experienced downtime before, Ward acknowledged, but those resulted from more routine technical hiccups. “We’ve never experienced an attack of this kind,” she said.
Is the company worried the outage will cost it clients? “We believe that our software solutions and the quality and dedication of our team to support our clients is bar none,” Ward replied. Not only does MJ Freeway feels its product is “better than the competitions,” she said, the company is also developing a new product “that is light years ahead of the product that got attacked.”
“In terms of our long-term future, we still want to be our clients’ partners,” she said, “and we’re going to work really hard to do that.”