Drizly data security to be monitored for 20 years under FTC order
By 
Adrianne Appel2023-01-11T20:38:00
Online alcohol retailer Drizly and its chief executive officer agreed to data security requirements and to be assessed by an independent monitor for up to 20 years as part of a final settlement with the Federal Trade Commission over a data breach that impacted 2.5 million consumers, the FTC announced Tuesday.
The FTC had proposed the measures and filed a complaint against Drizly in October, alleging the company and CEO James Cory Rellas knew about security vulnerabilities and ignored them.
Customer emails, addresses, phone numbers, and other data were unnecessarily stored by the company on an insecure platform with gaps that allowed hackers to gain access, the FTC alleged.
Related articles
-
ArticleFTC places restrictions on CEO in Drizly enforcement proposal
The Federal Trade Commission announced a tentative settlement with online alcohol delivery platform Drizly and its chief executive officer regarding a data breach affecting 2.5 million consumers and the alleged lax security that allowed it to happen.
-
News BriefCFPB humility pledge reshapes exam process, as agency faces uncertain future
The U.S. Consumer Financial Protection Bureau’s Supervision Division introduced a new “humility pledge” last month that examiners will read aloud at the start of each oversight engagement. It’s another shift in how the organization handles itself under the Trump administration.
-
OpinionWhy the EU’s new Machinery Regulation is a wake-up call on cybersecurity
The European manufacturing industry is on the cusp of a regulatory shift that promises to reshape how machines are designed and operated.
More from Regulatory Enforcement
-
ArticleFormer Credit Suisse compliance officer charged with money laundering
A compliance officer is facing charges for laundering $7 million in a complex legal case in Switzerland. Swiss prosecutors have charged Credit Suisse, and one of its former employees, with failing to maintain adequate controls.
-
ArticleSan Francisco firm pays $11.4M for alleged Russia-related sanctions violations
A San Francisco-based private equity firm has agreed to pay $11.4 million to settle allegations it violated U.S. sanctions rules by handling investments for a sanctioned Russian oligarch.
-
ArticleCompany agrees to report to FTC for 10 years for alleged student data lapses
A tech company that stores student information for schools has agreed to implement a data security program and report to the Federal Trade Commission for 10 years, after security failures led to data for 10 million students being breached.