Of course, in the digital world, anyone can claim to be anyone. Yet a person claiming to be the IT director of a medical marijuana dispensary took to Slashdot in hopes of receiving legal advice after the point of sale system the MMJ used was hacked.

Denver-based MJ Freeway, a medical marijuana “seed-to-sale” tracking software company experienced a “service interruption” – that turned out to be a hack – a week ago on January 8. The hack of the point-of-sale system left more than 1,000 retail cannabis clients unable to track sales and inventories. Without a way to keep records in order to comply with state regulations, some dispensaries shut down, while others reverted to tracking sales via pen and paper.

From the beginning, MJ Freeway has maintained that no client/patient pot dispensary data was stolen. Yet the alleged IT director of such a dispensary wrote:

This system was built on Drupal in 2010. I'm guessing the more they modified the Drupal core, the more bug-fixed versions behind they fell behind (not to mention the rest of the LAMP stack). They've lost all customer data, meaning there was no air-gapped, off the net backups. What scares me about this breach is, I have about 30,000 patients in my database alone. If this company has 1000 more customers like me, even half of that is still 15 million people on a list of people that "Smoke pot" potentially floating out there on the net. I guess because we're “Medicinal” it's no better than someone knowing a person takes Xanax for their nerves.

I feel like this company is playing on the ignorance of the general public when it comes to these types of IT security issues. I don't think people get how serious this is.
What should I do?

MJ Freeway told Marijuana Business Daily that the attack was on its infrastructure – main databases and backups, “but no client data was stolen.” Later, the company said it might “take two or three weeks to fully restore service to dispensaries and recreational marijuana stores.” Again, the point was reiterated that a cyberattack crashed the system, but there was currently no evidence that any “medical cannabis patient data or business data was decrypted or compromised.”

Jeannette Ward, director of data and marketing for MJ Freeway, said, “The attack was aimed at corrupting, not extracting, data. What that means is all client-patient data is still protected, still safe, still encrypted and was not viewed by the attackers.”

Nevertheless, the Slashdot submitter is not the only one concerned, despite MJ Freeway having tweeted more than once that patient data was encrypted and not compromised. At what point do repeated reassurances of good security start to cause unease?

As the throwaway account suggested, was the company running Drupal 6, which was released in 2008 and had an end-of-life announcement issued in June 2014 – and even extended support ends next month? Is that taking security seriously? The company claims that it now has better security, saying, “Due to the level of security protocols now in place…”.

Were there no offline backups, or were there “multiple redundant backups” from different sources which take a long time to restore? Is the company sure the attackers didn’t get hold of the encryption keys, steal the encrypted data and leave behind corrupted databases? If it was exfiltrated, then even if attackers didn’t read the sensitive data, isn’t that still a breach?
What should the alleged pot dispensary IT director do?

There are many questions, so on Saturday, MJ Freeway CEO and co-founder Amy Poinsett released a statement via video.

“On Sunday morning, hackers took down both MJ Freeway’s production and backup servers, causing an outage for all our clients.” She apologized before adding, “Keeping our clients’ data secure has always been a top priority. Current analysis shows the attackers did not extract any client or patient data and did not view any patient data thanks to encryption measures we had in place.”

Why does it seem like every company that gets hacked, often due to lax security, then tries to claim how important the security and privacy of its customers are to that company?

MJ Freeway is “channeling” its “outrage into action,” saying it had been working since Monday to connect hundreds of online clients to alternate MJ Freeway sites. It is apparently a time-consuming process as each requires a phone call that lasts until the client’s site is live. “We’re doing whatever it takes to get clients back on their feet and secure.”

Poinsett continued:

This outage is a unique situation caused by an unprecedented, malicious attack. The damage from the attack is extensive, but much is repairable. In response to this attack, all clients’ sites have been migrated to a new, more secure environment. It’s one of many measures we are taking to bolster our defenses.

Ward said MJ Freeway doesn’t understand the motivation for the attack, or who did the attacking, but it will “definitely pursue a criminal investigation.”

If you have any legal suggestions for the IT director asking for help on Slashdot, then please do pass them along.