On February 8th, Peter Antolin, the deputy director for the Washington State Liquor and Cannabis Board (WSLCB), sent an email to licensees explaining why the transition to their new traceability system was disrupted. Last Saturday, someone gained access to the sensitive information in Leaf Data Systems, the state’s traceability software that is powered by MJ Freeway.
“A computer vulnerability was exploited on Saturday, allowing unauthorized access to the traceability system,” Antolin told licensees in the email. “There are indications an intruder downloaded a copy of the traceability database and took action that caused issues with inventory transfers for some users. We believe this was the root cause of the transfer/manifest issue experienced between Saturday and Monday.”
The email goes on to say that no personally identifiable information was available to the ‘intruder,’ but some sensitive information was clearly accessed. That data includes route information of manifests filed between February 1st and 4th as well as transporter vehicle information including VIN, license plate number and vehicle type, according to the email.
That email leaves much to be desired. For one, they do not exactly have a solution, instead trying to alleviate licensees’ worries with a hollow inanity full of meaningless jargon: “The WSLCB and MJ Freeway continue to implement several strategies to prevent future vulnerabilities to future intrusions,” reads the email. “This includes full logging and monitoring and working with third-party entities. Since this remains an active investigation, details on security are not publicly available.” However, today the WSLCB is hosting a webinar where Peter Antolin, their IT division, the MJ Examiners unit and enforcement will be available to answer questions, according to the email.
In November of 2017, BioTrackTHC, the company that held the previous contract for Washington’s traceability software, helped the state through the transition period with a temporary Band-Aid solution to hold the state over until January of 2018. A month after they expected to implement the new MJ Freeway system, the latest security breach occurred this week and disrupting the rollout yet again.
At the end of the email Antolin sent to licensees yesterday, he says there will continue to be attempts to breach the system’s security. “The bottom line is that this incident is unfortunate,” says Antolin. “There will continue to be malicious cyberattacks on the system. This is true of any public or private system and is especially true of the traceability system.” This begs a few questions: why aren’t we hearing about this kind of security breach in other states’ traceability systems? What are other companies doing that prevents this from happening? Why does this keep happening to MJ Freeway?