The Fair Trade Commission is planning to penalize Drizly and its CEO James Cory Rellas over a data breach that exposed 2.5 million users' information.
Drizly is facing tough restriction orders from the FTC as part of its enforcement action regarding alleged security failures that resulted in a data breach, CNN Business reports.
The FTC Goes After Drizly And Its CEO With Individual Actions
The FTC is pushing forward with its proposed orders against the alcohol delivery service Drizly and its CEO for compromising 2.5 million users' data.
In 2018, the company was alerted about the security issues when a Drizly employee posted the company's Amazon Web Services login on a cloud account in GitHub.
According to Engadget, because of this, hackers got a hold of the logins and infiltrated the servers to mine cryptocurrency using the information they had.
Drizly stores its data in the Amazon Web Services cloud, which includes users' emails, postal addresses, phone numbers, and even unique devices, geolocation, and data from third parties.
However, an investigation by FTC found that the company still failed to address the breach, earning them an FTC order that required them to destroy unnecessary data.
Furthermore, the FTC restricts Drizly from collecting and retaining data and binds its CEO to specific security requirements for his role in the unlawful business practices done by Drizly.
"Our proposed order against Drizly also ensures the CEO faces consequences for the company's carelessness," Bureau of Consumer Protection director Samuel Levine says.
FTC Chair Lina Khan also says that they will strengthen these orders by naming individual executives to ensure that they take retaliatory actions from FTC seriously, Axios writes.
"Today's settlement sends a very clear message: protecting Americans' data is not discretionary," says Khan, adding that safety should be a priority for any CEO.
FTC Strengthens Complaints With Multiple Allegations Against Drizly
Drizly is an online marketplace acquired by Uber where customers of legal drinking age can place orders of beers, wine, and alcohol from retailers.
The Boston-based Uber subsidiary failed to take adequate steps to address security concerns that resulted in a data breach, which strengthened the FTC's allegations against Drizly and its CEO.
According to FTC's official statement, Drizly and its CEO, Rellas, failed to safeguard and secure the personal information of users, which led to its collection.
They also found that the company did not do enough safety practices to protect consumer data, develop adequate security policies, and conduct training for employees on security procedures.
The Commission also alleges that the company stored critical information on an unsecured platform but neglected it by not monitoring possible security threats like unauthorized access.
Furthermore, the FTC found that the neglect placed customers in deliberate financial harm and malicious use of personal information that may be damaging to Drizly's clients.
With this, the agency voted 4-0 to issue the proposed administrative complaint, giving Drizly and Rellas 30 days to accept the consent agreement, Axios says.
Read More: FTC Says Do Not Track Consumers
