The Federal Trade Commission (FTC) announced on Monday a proposed order to take action against Drizly and its CEO in connection with a 2020 data breach that exposed information about 2.5 million consumers.
The FTC said Uber subsidiary Drizly and CEO James Cory Rellas will be required to destroy all data collected by the online alcohol marketplace that is not necessary for operations, as well as limit future data collection. according to the proposed consent order. It would also mandate the implementation of a more robust information security program and the establishment of safeguards to “protect against the security incidents described in the complaint,” according to the FTC.
UBER TO BUY DRIZLY ALCOHOL DELIVERY APP FOR OVER $1.1 BILLION
The order further seeks to impose requirements on Rellas that would follow him even if he and the online liquor market split. At any future business that collects data from more than 25,000 consumers where you serve as a majority owner, CEO, or executive with information security roles, you would have to implement an information security program, according to the FTC.
“We take consumer privacy and security very seriously at Drizly, and we are happy to put this 2020 event behind us,” a Drizly spokesperson told FOX Business.
The FTC complaint alleged that Drizly and Rellas failed to take adequate steps to protect customer data from hackers after being notified of security issues in 2018. The breach occurred two years later, in 2020, when A hacker gained access to the company’s database after breaking into an employee account and obtaining the company’s GitHub login credentials, according to the FTC.
HACKER WHO VIOLATED FAST COMPANY WONDERS ‘ANYONE COULD HAVE DONE IT’
Subsequently, two dark web websites put personal information of Drizly clients up for sale, the FTC alleged.
“Our proposed order against Drizly not only restricts what the company can withhold and collect in the future, but also ensures that the CEO faces consequences for the company’s carelessness,” said Samuel Levine, director of the office of protection. the FTC consumer, in a press release. . “CEOs taking shortcuts on security should take note.”
Once a description of the proposed consent order has been published in the Federal Register and subjected to a 30-day comment period, the FTC will make a decision on its termination. The agency said it will publish it in the Federal Register “soon.”
GET FOX BUSINESS ON THE GO BY CLICKING HERE