Skip to main content

The Money Overview

STIIIZY customers can claim up to $7,500 for a data breach by September 10

Customers of cannabis brand STIIIZY who had personal information exposed in a data security incident have until September 10, 2026, to file claims for payments reaching up to $7,500. The deadline sits roughly 11 weeks away, and a separate cutoff for objections or exclusions arrives even sooner, on August 26, 2026. With breach notifications first sent in January 2025 and a court-authorized settlement now in motion, the filing window is narrowing fast for anyone who qualifies.

Why the September 10 claim deadline puts STIIIZY customers on the clock

STIIIZY Inc. confirmed a data security incident that prompted the company to issue breach notification letters in early 2025. Massachusetts state records show that STIIIZY filed those letters in January 2025, placing the original disclosure more than 17 months before the claim deadline. That gap matters because many affected individuals may have received a letter, set it aside, and never acted on it.

The settlement that followed is now governed by a court-authorized notice campaign. Eligible customers can submit claim forms for compensation of up to $7,500, but they must do so before September 10, 2026. Anyone who wants to opt out of the settlement or raise an objection faces an earlier cutoff of August 26, 2026. Missing either date forfeits the corresponding right, whether that means losing the chance to receive money or giving up the ability to pursue separate legal claims.

One open question is whether affected consumers in states where government agencies publicly hosted the breach notice are more likely to file claims than those who learned about the incident only through the wire-service distribution. California law requires companies to submit a sample breach notice to the Attorney General when they notify more than 500 California residents, and the California Attorney General’s searchable breach index links directly to the STIIIZY sample notice PDF. That kind of persistent, publicly accessible record gives consumers a second chance to discover their eligibility long after a mailed letter lands in a recycling bin. States without a comparable public repository leave residents dependent on the original mailing or the syndicated notice campaign, which can easily be overlooked.

Court filings and state records that anchor the $7,500 figure

The claim amount and key deadlines trace back to a court-authorized legal notice distributed through PR Newswire. In that announcement, the parties explain that personal information of STIIIZY customers may have been affected and outline how to submit a claim before the September 10, 2026, cutoff. The same wire-distributed notice confirms the August 26, 2026, deadline for exclusions and objections, underscoring that these dates are not tentative but part of a court-supervised process.

On the state level, Massachusetts hosts a government-archived copy of STIIIZY’s breach notification letter, which includes incident timing details and the categories of information that were exposed. California’s Attorney General office independently lists the STIIIZY filing in its breach database, confirming that the company met the statutory threshold of notifying more than 500 California residents. Together, these government records and the court-authorized notice form the documentary backbone of the settlement, giving consumers and advocates a way to verify that the claim window and payment caps match what regulators were told.

Gaps in the public record before the filing window closes

Even with multiple official records in place, the public documentation around the STIIIZY incident leaves notable blind spots that could affect participation in the settlement. The available materials describe a “data security incident” and list categories of affected information, but they do not spell out in plain language how many people were impacted nationwide, how the intrusion occurred, or whether law enforcement identified any specific misuse of the data. For potential claimants weighing whether to invest time in the process, that lack of detail can make the risk feel abstract.

Another gap involves how clearly the settlement terms translate into real-world compensation. The $7,500 figure reflects a maximum recovery under certain scenarios, often tied to documented out-of-pocket losses or time spent responding to the breach. Many consumers will receive far less, especially if they cannot produce receipts or other proof. Without a simple, public-facing summary that explains typical payout ranges, some eligible customers may assume the process is not worth the effort and let the September 10, 2026, deadline pass.

Awareness is also uneven. While the California and Massachusetts postings create lasting, searchable trails, residents in other states may have only seen the original mailer or the brief mention in the legal notice campaign. People who moved, changed email addresses, or discarded the notice have limited ways to rediscover their rights. The court-authorized outreach was designed to satisfy due-process standards, but it does not guarantee that every affected person will see, understand, and act on the information in time.

Finally, the record is thin on what, if anything, STIIIZY has done beyond the settlement to reduce the odds of another incident. Breach letters typically reference security enhancements in broad terms, but without follow-up reporting or regulator commentary, customers are left to infer whether the company’s safeguards have meaningfully improved. As the September 10, 2026, claim deadline approaches, that uncertainty may not change the legal options on the table, but it does shape how current and former customers interpret the value of the settlement and their own incentive to participate before the window closes.

Avatar photo

Daniel Harper

Daniel is a finance writer covering personal finance topics including budgeting, credit, and beginner investing. He began his career contributing to his Substack, where he covered consumer finance trends and practical money topics for everyday readers. Since then, he has written for a range of personal finance blogs and fintech platforms, focusing on clear, straightforward content that helps readers make more informed financial decisions.​