FTC Takes Action Against Drizly for 2020 Data Breach

From CNET: Drizly has agreed to tighten its data security practices after federal regulators accused the alcohol delivery company and its CEO of security lapses related to a 2020 data breach that exposed the personal information of 2.5 million customers.

The Federal Trade Commission said Monday it had reached a proposed consent agreement with Drizly, a Boston-based subsidiary of Uber that offers delivery of beer, wine and other alcoholic spirits to consumers of legal drinking age. The FTC alleged that the company and its CEO, James Cory Rellas, were alerted to security problems two years before the 2020 breach yet failed to act to protect consumers' data.

The proposed order limits the information the company can collect and retain and requires Drizly to implement a comprehensive data security program and destroy unnecessary data. The FTC said the proposed order also binds Rellas to specific data security requirements "for his role in presiding over unlawful business practices."

"Our proposed order against Drizly not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company's carelessness," Samuel Levine, director of the FTC's Bureau of Consumer Protection, said in the statement. "CEOs who take shortcuts on security should take note."

View: Full Article