Cyber Incident Victim: Aurora Cannabis

On December 25, 2020, Aurora Cannabis experienced a cybersecurity incident involving unauthorized access to its Microsoft cloud software platforms SharePoint and OneDrive. The breach compromised personal information belonging to an unspecified number of current and former employees of the Canadian cannabis producer. An email notification sent to at least one affected individual, later shared with Marijuana Business Daily, confirmed the incident date and identified the compromised systems. The company did not disclose how the intrusion was detected or whether external threat actors were responsible for the unauthorized access. Aurora Cannabis did not provide immediate details regarding the specific types of employee data exposed during the breach.

The company asserted that the incident exclusively impacted employee information, explicitly stating that no patient data was accessed or compromised. Aurora Cannabis did not release information about the total number of affected individuals or the geographic scope of the breach beyond confirming it involved both current and former workers. No public statements from the company detailed containment measures taken following the discovery of the breach. The email notification served as the primary source of information regarding the incident's occurrence and limited technical details. Marijuana Business Daily reported the breach after reviewing the notification but did not receive additional commentary from Aurora Cannabis regarding potential operational or financial impacts resulting from the data exposure.