Ohio Marijuana Card Under Investigation for Data Breach of Over 900,000 Records
Schubert Jonckheer & Kolbe LLP is investigating a data breach that led to unauthorized access to 957,434 records held by Ohio Medical Alliance, LLC. Ohio Medical Alliance, LLC, which does business as Ohio Marijuana Card, helps individuals obtain physician certified medical marijuana cards through telemedicine services and in-person clinics in Ohio, Arkansas, Kentucky, Louisiana, Virginia, and West Virginia.
On July 14, 2025, cybersecurity researcher Jeremiah Fowler discovered databases originating from Ohio Marijuana Card that were not password protected or encrypted. These databases included 210,620 email addresses of clients, employees, or business partners. The following patient information was found in the databases: images of driver’s licenses or identification documents that contained names, physical addresses, dates of birth, and license numbers; medical records; release forms; physician certification forms with Social Security numbers; mental health evaluations; and identification documents from multiple states.
If your personal information was impacted by this incident, you may be at risk of identity theft and other serious violations of your privacy. As a result, you may be entitled to money damages and an injunction requiring changes to Ohio Marijuana Card’s cybersecurity practices.
If you received notification of this data breach or are affiliated with Ohio Marijuana Card and wish to obtain additional information about your legal rights, please fill out the form below.
