"FTC Targets Drizly and Its CEO Over Cybersecurity Failures That Led to Data Breach"
The Federal Trade Commission (FTC) recently announced an administrative complaint against online alcohol marketplace Drizly and its CEO, James Cory Rellas, over the company’s poor data security practices. The FTC noted the company’s security failures that led to a data breach impacting the personal information of over 2.5 million individuals, even though Drizly and Rellas were informed of existing security issues two years prior. In 2018, after a Drizly employee posted a set of credentials on GitHub, hackers accessed the company’s servers and deployed cryptocurrency miners. Two years later, a hacker compromised a Drizly employee’s account, accessed corporate GitHub credentials, and stole customer information. According to the FTC, Drizly and Rellas failed to implement basic security protections for the collected data, did not use multi-factor authentication, did not limit employee access to personal data, and did not develop adequate security policies. The FTC is requiring Drizly to limit its data collection practices, destroy unnecessary data, and implement a comprehensive information security program to ensure that it can prevent similar security incidents from occurring.