FTC accuses Drizly and its CEO of security flaws that revealed customers’ personal information

Share post:

The Federal Trade Commission is investigating Drizly and its CEO, James Cory Rellas, over allegations that the security breach at Drizly exposed the personal information of about 2.5 million customers.

The FTC alleges that Drizly and Rellas were alerted to problems with the company’s data security protocols after an earlier security incident, when a Drizly employee posted the company’s cloud computing account login information on the software design and hosting platform GitHub in 2018.

As a result of this vulnerability, hackers were able to mine cryptocurrency on Drizly’s servers until the company changed its login information for its cloud computing account. Drizly did not properly address its security issues, despite publicly claiming to have taken adequate security precautions. A hacker broke into an employee account two years later and gained access to Drizly’s company-owned GitHub login information, hacked into the company’s database, and then stole customer information.

According to the FTC, Rellas needs to introduce improved security measures now and in the future wherever he works, and wants the company to eliminate unnecessary data, limit the amount of data it can collect and store, and bind Rellas to specific data security requirements for his role in presiding over illegal business practices.

“Our proposed order against Drizly not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company’s carelessness,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “CEOs who take shortcuts on security should take note.”

In addition, the company and its CEO must improve security controls, mandate multi-factor authentication, and provide security training to employees. The FTC will decide whether the proposed order is final after a 30-day public comment period.

The sources for this piece include an article in TheRegister.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

FTC says Microsoft’s layoffs at Activision Blizzard may threaten merger approval

The FTC has expressed dissatisfaction with Microsoft's layoffs at Activision Blizzard, challenging the integrity of the Microsoft-Activision deal....

Delaware court voids Musks $56 billion dollar compensation

Tesla's stock experienced a notable downturn following a Delaware court's decision to void CEO Elon Musk's massive $56...

IT World Canada strikes partnership with Canadian Cybersecurity Network

Goal is to make it easier for infosec pros to access each organization

Microsoft overtakes Apple as world’s most valuable company

In a notable shift in the tech industry, Microsoft has recently overtaken Apple to become the world's most...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways