FTC takes action against Drizly for 2020 data breach
The FTC (Fair Trade Commission) is planning to punish Druzley and its CEO James Corey Rilas for a data breach that exposed the information of 2.5 million customers.
As CNN Business reports, Druzley is facing strict restraining orders as part of an enforcement action by the FTC regarding alleged security failures that led to the data breach.
The FTC is going after Druzley and its CEO with individual actions.
The FTC is moving forward with its proposed orders against alcohol delivery service Drizly and its CEO for compromising the data of 2.5 million customers.
In 2018, the company was alerted to security issues after a Drizly employee posted the company’s Amazon Web Services login to a cloud account on GitHub.
According to Engadget, because of this, hackers hijacked the logins and used the information they had to break into the servers to mine cryptocurrency.
Drizly stores its data in the Amazon Web Services cloud, including users’ emails, postal addresses, phone numbers, and even unique devices, geographic locations, and third-party data.
However, an investigation by the FTC found that the company still failed to fix the breach, leading to an FTC order requiring it to destroy unnecessary data.
Additionally, the FTC prohibits Drizly from collecting and maintaining data and imposes specific safeguards on its CEO for his role in the illegal business practices practiced by Drizly.
“Our proposed injunction against Drusley also ensures that the CEO faces the consequences of the company’s negligence,” said Samuel Levine, director of the Bureau of Consumer Protection.
Axios writes that FTC Chair Lena Khan also says she will strengthen the orders by naming individual executives to ensure they take retaliation from the FTC seriously.
“Today’s settlement sends a very clear message: protecting Americans’ data is not arbitrary,” says Khan, adding that security should be a priority for any CEO.
The FTC strengthens the complaints against Drizly with multiple allegations.
Drizly is an online marketplace acquired by Uber where consumers of the legal drinking age can order beer, wine, and spirits from retailers.
The Boston-based Uber subsidiary failed to take adequate steps to address security concerns that led to the data breach, fueling FTC charges against Druzley and its CEO.
According to the FTC’s official statement, Drizly and its CEO, Relais, failed to protect and safeguard user’s personal information, which led to its collection.
They also found that the company did not take adequate security measures to protect customer data, develop appropriate security policies, and train employees on security procedures.
The commission also alleged that the company stored critical information on an insecure platform but neglected to monitor potential security risks such as unauthorized access.
Additionally, the FTC found that the omission caused intentional financial harm to consumers and malicious use of personal information that could have been harmful to Drizly’s clients.
With that, the agency voted 4-0 to issue the proposed administrative complaint, and gave Drizly and Rellas 30 days to accept the consent agreement, Axios says.