The website in question has reportedly been pulled offline for the time being.

Bad news for those who have applied to sell medical marijuana in Nevada.

ZDNet today reported that a glitch in the state government’s website has leaked the personal information of more than 11,700 applicants seeking to dispense medical marijuana there. These applications are reportedly chock-full of information: they’re eight pages long and contain fields for the applicant’s full name, date and place of birth, home address, social security number, driver’s license number, citizenship, and other data like height, race, eye and hair color.

“Security researcher Justin Shafer found the bug in the state’s website portal, allowing anyone with the right web address to access and enumerate the thousands of applications,” according to ZDNet, which has not published the URL of the site in question as the bug has not yet been fixed.

ZDNet said it contacted a number of applicants who’s data was leaked; one person confirmed that the information was accurate.

The website in question has been pulled offline for the time being, a spokesperson for the Nevada Health and Human Services Department told ZDNet. The leaked information made up a “‘portion’ of one of several databases,” the report notes. The state is planning to notify affected individuals in the next few days.

ZDNet said it’s not clear how many years the applications date back. Nevada legalized medical marijuana in 2000.

Meanwhile, news of the leak comes after word spread earlier this month that a hacker breached the US agency responsible for certifying voting equipment. Fortunately, that breach reportedly happened after Election Day.

Leave a Reply