(Newser) – A marijuana retailer in Newfoundland is summing up the sentiment three weeks after recreational cannabis became legal across Canada. "We need more weed!" Trevor Tobin tells the New York Times, adding suppliers don't have enough plants or packaging equipment to meet soaring demand. It's a problem next door in New Brunswick, where 10 of 20 legal stores were temporarily closed Monday due to supply issues. Quebec's 12 cannabis stores are now closed three days a week, while issues including a postal strike have delayed weed deliveries in Ontario, prompting some to return to illegal dealers. A Health Canada rep says issues are to be expected given "the launch of an entirely new regulated industry" with no dependable indicator of demand.
"It's hard to find know-how in an industry that was prohibited," adds Mandesh Dosanjh of British Columbia's Pure Sunfarms, who cites challenges like having to learn the art of growing cannabis at scale, fashion new supply chains, and accommodate Health Canada inspectors. Still, a rep for Quebec's cannabis agency understands the frustration among consumers. "Producers can add more people to try and meet demand, but that won't make the plants grow any faster," he says. Per the Toronto Star, industry insiders say a move toward automation may be necessary to speed up production in a cost-effective way, with shortages likely to continue until 2020. (Legal pot is coming to more US states.)
Video: Ontario Cannabis Store data breach affects thousands
The decision to make recreational cannabis legal in Ontario, Canada, has been fraught with problems and now has been tarnished by a data breach at Canada Post.
On Wednesday, the Ontario Cannabis Store (OCS) revealed the security incident on Twitter, saying that an unnamed individual was able to access the order records of 4,500 customers, or roughly two percent of the firms customer base.
The compromised information included names or the initials of nominated signatories, postcodes, dates of delivery, OCS reference numbers, Canada Post tracking numbers, and OCS corporate names and business addresses.
However, OCS insists that the name of buyers — unless they were accepting delivery — the full delivery address, contents of the order, and payment information were not compromised.
Smoking weed might now be legal in the area but this does not mean individuals taking advantage of the change in legislation would necessarily want their usage known — and no-one wants their personal data stolen and potentially leaked on the web, no matter the circumstances.
The breach was uncovered on November 1. Canada Post and OCS have been working together since this date to investigate how the data breach was allowed to take place, and OCS said a failure by Canada Post to inform customers led to the company taking action.
“The OCS has encouraged Canada Post to take immediate action to notify their customers,” the cannabis supplier said. “To date, Canada Post has not taken action in this regard. Although Canada Post is making its own determination as to whether notification of customers is required in this instance, the OCS has notified all relevant customers.”
Canada Post Breach Affects Private Data Of 4,500 Cannabis Customers In Ontario
Canada Post may be in hot water, but over 1,000 complaints have been received by the Ontario Ombudsman relating to OCS, including those describing billing issues, late deliveries, and poor customer service.
A data breach is likely the last thing OCS would want to face when already facing censure over sales — especially when the Ombudsman considered the problem severe enough to issue a press release — and while the regulatory body was only at the stage of monitoring the complaints, the security incident might escalate the situation, whether or not OCS was at fault in this instance.
The OCS is the only legal supplier in the region until April when private retailers are permitted to launch.
A Canada Post spokesperson told ZDNet that the individual behind the leak “only shared it with Canada Post and deleted it without distributing further.”
The postal service said in a statement that someone had used its delivery tracking tool to gain access to personal information of 4,500 customers of the Ontario Cannabis Store but declined to identify the information.
“Important fixes have been put in place by both organizations to prevent any further unauthorized access to customer information,” the spokesperson added. “We are pleased that OCS has notified their customers of the issue and will continue to work together to provide customers with assurance that this is being fully addressed.”
The Federal Privacy Commissioner and the Ontario Information and Privacy Commissioner have been informed of the breach.
“It didnt take long for the cannabis industry to be treated like any other one and turned into a target for cyber attacks, this time exposing addresses and names or initials that are most likely out in the Dark Web,” Don Duncan, director at NuData Security told ZDNet. “While names and addresses are always useful to cybercriminals, companies can devalue that personally identifiable information by adding a layered security solution that includes passive biometrics and behavioral analytics so that customers are also identified by their online behavior.”