Drizly data security to be monitored for 20 years under FTC order


Online alcohol retailer Drizly and its chief executive officer agreed to data security requirements and to be assessed by an independent monitor for up to 20 years as part of a final settlement with the Federal Trade Commission over a data breach that impacted 2.5 million consumers, the FTC announced Tuesday.

The FTC had proposed the measures and filed a complaint against Drizly in October, alleging the company and CEO James Cory Rellas knew about security vulnerabilities and ignored them.

Customer emails, addresses, phone numbers, and other data were unnecessarily stored by the company on an insecure platform with gaps that allowed hackers to gain access, the FTC alleged.

lock iconTHIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.