A point of sale vendor for at least three cannabis dispensaries in the United States exposed the personal data of at least 30,000 cannabis users, including full names, photo IDs, dates of birth, telephone numbers, home addresses, medical ID numbers, email addresses, signatures, cannabis variety and quantity purchased, and sales figures when it failed to