Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Drizly Agrees to Tighten Data Security After Alleged Breach

Alcohol delivery app Drizly has agreed to tighten its data security and limit data collection to resolve federal regulators’ allegations that its security failures exposed the personal information of some 2.5 million customers.

Alcohol delivery app Drizly has agreed to tighten its data security and limit data collection to resolve federal regulators’ allegations that its security failures exposed the personal information of some 2.5 million customers.

The Federal Trade Commission announced the action Monday against Drizly, a Boston-based subsidiary of Uber that delivers beer, wine and spirits in states where it’s legal, and partners with retailers in hundreds of cities around the US. The proposed consent agreement with the FTC also names Drizly CEO James Cory Rellas. The regulators allege that the company and Rellas were alerted to security problems two years before the 2020 breach yet failed to act to protect consumers’ data.

Drizly agreed to put in a comprehensive data security program and establish security safeguards, and to limit future data collection or storage to that which is necessary for specific purposes. It will also destroy unnecessary data.

“Our proposed order against Drizly not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company’s carelessness,” Samuel Levine, director of the FTC’s bureau of consumer protection, said in a statement. “CEOs who take shortcuts on security should take note.”

Drizly collects and stores on Amazon Web Services cloud-computing service a wide range of personal data from customers such as email and postal addresses, phone numbers, geolocation information and data purchased from third parties, according to the FTC.

“We take consumer privacy and security very seriously at Drizly, and are happy to put this 2020 event behind us,” the company said in a statement.

The proposed consent agreement will be opened to public comment for 30 days, after which the FTC will decide whether to make it final.

Related: FTC Looking at Rules to Corral Tech Firms’ Data Collection

Related: FTC Takes Action Against CafePress Over Massive Data Breach, Cover-Up

Related: FTC Accuses Data Broker of Selling Sensitive Location Data

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.