Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
CCS (Cannabis Club Systems)

CCS (Cannabis Club Systems) Vendor Cyber Rating & Cyber Score

cannabisclub.systems

CCS es un sistema de software hecho a medida de clubes de cannabis y dispensarios. Nuestro sistema hace que la gestión y administración de su club sea una cosa fácil, eficaz y agradable. CCS is a unique software solution specifically tailored towards cannabis clubs and dispensaries. Our system seeks to make the administration and management of your club as easy, efficient and enjoyable as possible.


C A.I CyberSecurity Scoring

C
Company Information
Website:http://cannabisclub.systems/
Employees number:2
Number of followers:0
NAICS:5415
Industry Type:IT Services and IT Consulting
Homepage:cannabisclub.systems
C Risk Score (AI oriented)
Between 700 and 749
logo
CIT Services and IT Consulting
Updated:
10/06/2026
720/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
C Global Score (TPRM)
xxxx
logo
CIT Services and IT Consulting
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

C
CModerate
Current Score
720Ba (MODERATE)
01000
1 incidents
-68 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
721Before Incident
JUNE 2026
720Before Incident
MAY 2026
786Before Incident
Breach
01 May 2026C
Cannabis Club Systems: Nearly a million passports and photo IDs were left unprotected on the public internet

Massive Data Exposure: Over 985,000 Photo IDs Left Unprotected in Cannabis Club Software Breach

718After Incident
CRITICAL-68
CCS1781130576
Massive Data Exposure: Over 985,000 Photo IDs Left Unprotected in Cannabis Club Software Breach Security researcher Sammy Azdoufal uncovered a severe data exposure involving over 985,000 photo IDs, including passports, driver’s licenses, and personal details, left publicly accessible on the internet due to critical security flaws in software used by cannabis clubs in Spain. The breach, discovered in May, stemmed from Cannabis Club Systems (CCS), an Irish company formerly known as Nefos Solutions, which provides verification and management software for cannabis clubs. Azdoufal, who previously exposed vulnerabilities in DJI robot vacuums and baby monitors, found that CCS’s systems stored sensitive documents at unprotected public URLs, requiring no authentication to access. The exposed data included names, phone numbers, home addresses, cannabis consumption habits, and even selfies affecting visitors from over 30 countries, including 30,000 U.S. citizens and reportedly some celebrities. The issue originated from CCS’s PuffPal app, which clubs used for member verification via QR codes. Azdoufal’s investigation revealed hardcoded Stripe API keys, unsecured admin portals, and weak club passwords that could be cracked with minimal effort. Even after initial fixes, CCS temporarily re-exposed data to accommodate club complaints, prioritizing functionality over security. Following pressure from Azdoufal and media inquiries, CCS shut down PuffPal and vulnerable APIs on June 10, securing the exposed IDs. The company has since reported the breach to Ireland’s Data Protection Authority (DPC), though it missed the 72-hour GDPR disclosure deadline, risking fines. CCS co-founder Andreas Nilsen acknowledged the lapse, blaming an outsourcing firm, 9Series, for the flawed development but taking responsibility for the oversight. While Nilsen claims no evidence of malicious access beyond Azdoufal’s findings, the incident highlights widespread risks in third-party software security, echoing a similar breach last month where a UK visa portal exposed 100,000 passports via unsecured URLs. CCS plans to replace PuffPal with a independently audited app and has severed ties with 9Series.
INCIDENT DETAILS -
TYPE
Data Exposure
IMPACT
Data Compromised: 985,000 photo IDs (passports, driver’s licenses), names, phone numbers, home addresses, cannabis consumption habits, selfiesSystems Affected: PuffPal app, CCS verification and management softwareOperational Impact: PuffPal app and vulnerable APIs shut downBrand Reputation Impact: Significant (public exposure, GDPR violation risk)Legal Liabilities: Potential GDPR fines, regulatory notificationsIdentity Theft Risk: High (exposed PII, photo IDs)Payment Information Risk: Potential (hardcoded Stripe API keys)
DATA BREACH
Photo IDs (passports, driver’s licenses)NamesPhone numbersHome addressesCannabis consumption habitsSelfiesNumber Of Records Exposed: 985,000Sensitivity Of Data: High (PII, government-issued IDs)Images (photo IDs, selfies)Personally Identifiable Information: Yes (names, addresses, phone numbers, government IDs)
APRIL 2026
786Before Incident
MARCH 2026
786Before Incident
FEBRUARY 2026
786Before Incident
JANUARY 2026
786Before Incident
DECEMBER 2025
786Before Incident
NOVEMBER 2025
786Before Incident
OCTOBER 2025
786Before Incident
SEPTEMBER 2025
786Before Incident
AUGUST 2025
786Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for C ?
?
What was C's A.I Rankiteo Cyber Score in June 2026 ?
?
What was C's A.I Rankiteo Cyber Score in May 2026 ?
?
What was C's A.I Rankiteo Cyber Score in April 2026 ?
?
What was C's A.I Rankiteo Cyber Score in March 2026 ?
?
What was C's A.I Rankiteo Cyber Score in February 2026 ?
?
What was C's A.I Rankiteo Cyber Score in January 2026 ?
?
What was C's A.I Rankiteo Cyber Score in December 2025 ?
?
What was C's A.I Rankiteo Cyber Score in November 2025 ?
?
What was C's A.I Rankiteo Cyber Score in October 2025 ?
?
What was C's A.I Rankiteo Cyber Score in September 2025 ?
?
What was C's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on C's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with C ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view C's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?