Drizly has agreed to tighten its knowledge safety practices after federal regulators accused the alcohol supply firm and its CEO of safety lapses associated to a 2020 knowledge breach that uncovered the private data of two.5 million clients.
The Federal Trade Commission mentioned Monday it had reached a proposed consent settlement with Drizly, a Boston-based subsidiary of Uber that gives supply of beer, wine and different alcoholic spirits to shoppers of authorized ingesting age. The FTC alleged that the corporate and its CEO, James Cory Rellas, have been alerted to safety issues two years earlier than the 2020 breach but didn’t act to guard shoppers’ knowledge.
The proposed order limits the data the corporate can accumulate and retain and requires Drizly to implement a complete knowledge safety program and destroy pointless knowledge. The FTC mentioned the proposed order additionally binds Rellas to particular knowledge safety necessities “for his position in presiding over illegal enterprise practices.”
“Our proposed order in opposition to Drizly not solely restricts what the corporate can retain and accumulate going ahead but in addition ensures the CEO faces penalties for the corporate’s carelessness,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, mentioned within the assertion. “CEOs who take shortcuts on safety ought to take word.”
In 2020, Drizly confirmed {that a} hacker had obtained some clients private knowledge, together with emails, date-of-birth data, passwords, and in some circumstances, addresses.
“We take client privateness and safety very significantly at Drizly, and are completely happy to place this 2020 occasion behind us,” a Drizly spokesperson mentioned in a press release.
Uber purchased Drizly for $1.1 billion 2021.