A data breach at Aurora Cannabis has exposed the personal information of an unknown number of the Canadian company’s current and former employees, Marijuana Business Daily has learned.
An email sent to a victim of the data breach cites a Dec. 25 “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud software) SharePoint and OneDrive.” The email was shared with MJBizDaily.
The victim, a former Aurora employee who was laid off in February, wasn’t notified of the breach until late in the evening of Dec. 31.
Aurora spokeswoman Michelle Lefler confirmed that the company “was subject to a cybersecurity incident” on Christmas that affected both current and former employees, although she did not confirm what kinds of personal information were exposed.
“The company immediately took steps to mitigate the incident, is actively consulting with security experts and cooperating with authorities,” Lefler wrote in a statement.
“Aurora’s patient systems were not compromised, and the company’s network of operations is unaffected.”
Aurora’s properties include the Massachusetts hemp company Reliva, which it bought for $40 million in a May stock deal.
Lefler said she was unable to provide the specific number of Aurora employees whose data was exposed.
“I can confirm we are following all security protocols, are working with privacy councils and law enforcement and have communicated directly with any impacted current or former employee,” she wrote.
She did not respond to an MJBizDaily inquiry regarding whether the breach affected Aurora workers outside Canada and did not specify which authorities Aurora notified about the breach.
Aurora trades as ACB on the Toronto Stock Exchange and the New York Stock Exchange.