Roughly 11,700 people applying for a license to dispense medical marijuana had their personal information leaked after a bug infected a website run by the Nevada state government.
The applicants provided the state with their social security number, full name, home address, weight, height, race, citizenship, and eye and hair color, according to ZDNet. In some case, people were also asked to present their driver’s license number.
Nevada’s government website has a portal to its Medical Marijuana Program (NMMP) so people can officially obtain authorization to open a dispensary. Security researcher Justin Shafer discovered a glitch in the virtual portal that made all the information viewable to any user of the Internet as long as they had a certain web address.
Since the leak was publicized, the website has been pulled, a Nevada Department of Health and Human Services representative told ZDNet.
The same spokesperson also said that the leaked information was only a part of one of the many databases it uses. (RELATED: Obama Says ‘No Serious Person’ Could Rig An Election Even After Several Gov’t Hacks)
The NMMP was first instituted in 2001. It permitted sick Nevada residents the ability to acquire and use marijuana for medical purposes. In 2014, Nevada started to allow people, “under very limited circumstances,” to apply for a permit to open medical marijuana dispensaries in the state.
A ballot initiative for recreational marijuana legalization passed in Nevada Nov. 8 by a margin of 54.5 percent to 45.5 percent.