Drizly data security to be monitored for 20 years under FTC order
By 
Adrianne Appel2023-01-11T20:38:00
Online alcohol retailer Drizly and its chief executive officer agreed to data security requirements and to be assessed by an independent monitor for up to 20 years as part of a final settlement with the Federal Trade Commission over a data breach that impacted 2.5 million consumers, the FTC announced Tuesday.
The FTC had proposed the measures and filed a complaint against Drizly in October, alleging the company and CEO James Cory Rellas knew about security vulnerabilities and ignored them.
Customer emails, addresses, phone numbers, and other data were unnecessarily stored by the company on an insecure platform with gaps that allowed hackers to gain access, the FTC alleged.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
ArticleFTC places restrictions on CEO in Drizly enforcement proposal
The Federal Trade Commission announced a tentative settlement with online alcohol delivery platform Drizly and its chief executive officer regarding a data breach affecting 2.5 million consumers and the alleged lax security that allowed it to happen.
-
News BriefFormer bank CEO pleads guilty in Venezuela-linked fraud and sanctions violations
A former bank chief executive has pleaded guilty in a U.S. federal court to charges tied to a multimillion-dollar fraud and sanctions evasion scheme linked to Venezuela. This follows the U.S. removal of Venezuelan President Nicolás Maduro from the country, and has opened up the country for trading oil and ...
-
ArticleEx-Capula CCO refiles whistleblower retaliation lawsuit
The former U.S. chief compliance officer of London-based hedge fund Capula Investment Management, who alleged he was fired for escalating “significant regulatory compliance issues” to senior management, refiled his lawsuit in state court after his original complaint was dismissed in federal court on jurisdictional grounds.
More from Regulatory Enforcement
-
ArticleDOJ makes good on corporate-friendly enforcement policy with Balt resolution
The ink was barely dry on the U.S. Department of Justice’s new corporate enforcement policy (CEP) when the agency announced it would not prosecute Balt SAS for alleged bribery violations.
-
ArticleBoA settles class-action related to its dealings with Jeffrey Epstein
Bank of America has agreed to settle a class-action lawsuit alleging know-your-customer and other failings in its dealings with convicted sex offender Jeffrey Epstein.
-
News BriefSEC’s Uyeda: ‘Enforcement is the wrong way’ to handle off-channel communications
The U.S. Securities and Exchange Commission’s Mark Uyeda told an audience of investment advisers that the SEC will no longer prioritize stand-alone enforcement actions for violations of the SEC’s rules on off-channel communications.