POST Online Media Lite Edition



 

FTC takes action against Drizly and its CEO James Cory Rellas for security failures

Christian Fernsby |
The Federal Trade Commission is taking action against the online alcohol marketplace Drizly and its CEO James Cory Rellas over allegations that the company’s security failures led to a data breach exposing the personal information of about 2.5 million consumers.

Article continues below




>
Drizly and Rellas were alerted to security problems two years prior to the breach yet failed to take steps to protect consumers’ data from hackers.

The FTC’s proposed order requires the company to destroy unnecessary data, restricts the data that the company can collect and retain, and binds Rellas to specific data security requirements for his role in presiding over unlawful business practices.

“Our proposed order against Drizly not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company’s carelessness,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “CEOs who take shortcuts on security should take note.”

Boston-based Drizly, a subsidiary of Uber, operates an online marketplace where consumers of legal drinking age can place orders with retailers to buy beer, wine, and alcohol for delivery.

The company collects and stores on Amazon Web Services cloud computing service a wide range of personal information from consumers such as email, postal addresses, phone numbers, unique device identifiers, geolocation information and data purchased from third parties.

According to the FTC’s complaint, Drizly and Rellas were alerted to problems with the company’s data security procedures following an earlier security incident. In 2018, a Drizly employee posted company cloud computing account login information on the software development and hosting platform GitHub.

As a result of this security breakdown, hackers were able to use Drizly’s servers to mine cryptocurrency until the company changed its login information for its cloud computing account.

Drizly failed to take steps to adequately address its security problems while publicly claiming to have appropriate security protections in place. Two years later, a hacker breached an employee account, got access to Drizly’s corporate GitHub login information, hacked into the company’s database, and then stole customers’ information.

Under the proposed FTC order, Drizly and Rellas are required to:

• Destroy unnecessary data:
Drizly is required to destroy any personal data it collected that is not necessary for it to provide products or services to consumers. It must also document and report to the Commission what data it destroyed.

• Limit future data collection:
Going forward, Drizly must refrain from collecting or storing personal information unless it is necessary for specific purposes outlined in a retention schedule. It must also must publicly detail on its website the information it collects and why such data collection is necessary.

• Implement an information security program:
Drizly is required to implement a comprehensive information security program and establish security safeguards to protect against the security incidents outlined in the complaint. This includes measures such as providing security training for its employees; designating a high-level employee to oversee the information security program; implementing controls on who can access personal data; and requiring employees to use multi-factor authentication to access databases and other assets containing consumer data.

Notably, the order applies personally to Rellas, who presided over Drizly’s lax data security practices as CEO. In the modern economy, corporate executives frequently move from company to company, notwithstanding blemishes on their track record. Recognizing that reality, the Commission’s proposed order will follow Rellas even if he leaves Drizly.

Specifically, Rellas will be required to implement an information security program at future companies if he moves to a business collecting consumer information from more than 25,000 individuals, and where he is a majority owner, CEO, or senior officer with information security responsibilities.

The FTC voted 4-0 to issue the proposed administrative complaint and to accept the consent agreement with Drizly and Rellas.


What to read next

Tronox to vigorously fight FTC lawsuit against Cristal acquisition
Axon sues FTC for alleged violation of U.S. constitution
Endo Pharmaceuticals to abandon anticompetitive pay-for-delay agreements

U.S.: Areas of severe thunderstorms and heavy rain through the weekend

 
Upper-level ridging weakens from the Ohio Valley to the Southeast on Friday, resulting in a reduced area of Heat Advisories over the east.
 
 

Latest

Baker Hughes: U.S. oil rig count down by 6 to 432
Malaysia introduces new rules prohibiting all plastic waste imports from U.S.
Kazakh-German JV Skyhansa to build $500 mln airport near Chinese border
Ukrainian poultry products gained access to Oman market

NEWS

EPPO targets criminal organisation suspected of VAT fraud involving sales of diesel

U.S.: Severe thunderstorms in the Northern Plains and Upper Midwest
Former U.S. senator Bob Menendez begins serving 11-year bribery sentence
Russian-linked tanker crew accused in Finland-Estonia undersea cable sabotage probe
Croatia: Former minister sentenced to two years of imprisonment for abuse of office and authority
U.S.: Widespread showers across the eastern half, severe thunderstorms in Montana into the Plains
 

BUSINESS

Peru's mining exports jump 23 pct

Vietnam encourages private businesses to invest in railway sector
Baker Hughes: U.S. oil rig count down by 1 to 438
AfDB to provide $184.1 million for Africa’s largest solar energy and battery storage project
EIB supports Bay of Biscay electricity interconnection between Spain and France
U.S., UK, and Congolese officials inaugurate Kiswishi City Special Economic Zone
 

Trending Now

Peru's mining exports jump 23 pct

Fire in Egyptian hospital kills at least seven coronavirus patients

Egyptians start paying taxes on imported mobiles

Micron plans to invest $200 billion in semiconductor manufacturing and R&D


POLITICS

New York Power Authority directed to develop nuclear power plant

Cuban President begins official visit to Belarus
EU adopts new tariffs on Russian and Belarusian agricultural goods and fertilisers
EU proposes banning LNG gas imports from Russia by end of 2027
New York Governor announces Sullivan County broadband project
Zimbabwe to ban lithium concentrate exports
 

Today We Recommend

New York Power Authority directed to develop nuclear power plant


Highlights 

Micron plans to invest $200 billion in semiconductor manufacturing and R&D

750 new jobs coming to Michigan

WFS to open new multi-purpose terminal at Lyon Airport


COMPANIES

Micron plans to invest $200 billion in semiconductor manufacturing and R&D

750 new jobs coming to Michigan
LS Cable and unit join Korea-Japan submarine cable project
WFS to open new multi-purpose terminal at Lyon Airport
CEVA Logistics renews contract to transport aeronautics parts between France, Morocco, Tunisia
Malian government takes over Canadian-owned Barrick Gold mine
 

CAREERS

Bluecrux appoints four new partners

Isomorphic Labs appoints Ben Wolf as chief medical officer
Vodacom names new international markets CEO
David Andreadakis joins Loyalty Juggernaut as chief commercial officer
Tom Montali joins CSL as business development director
Concirrus appoints Steve O'Reilly as product manager
 

ECONOMY

EU-Mercosur trade up substantially in last decade

Russia's trade surplus falls 18.3% to $42.4 bln in January-April
U.S. economy in Q1 revised up to 0.2-pct contraction
Japan loses top creditor position for first time in 34 years
NZ exports to EU jump 28% in first year of trade deal
EU generated €39.2 billion surplus in trade in agricultural products
 

EARNINGS

Ericsson Q2 sales down but North America up

Lockton revenue $3.55 billion
Motorcar Parts of America Q4 sales $189.5 million
Limoneira Q2 revenue $44.6 million
Lululemon athletica Q1 revenue increased 10% to $2.2 billion
PVH Q1 GAAP EBIT $205 million
 

OP-ED

Micromanaging is the worst enemy of efficiency and teamwork

Niger set to monetize massive gas reserves through Saharan natural gas pipeline
Putting the brakes on EV folly that choked the market
Oil discovery in Kavango Basin may mean huge benefits for Namibians
Cape Town and Dubai battle over Africa's energy future
Is America going to lose its superpower status?
 

AGRIFISH

Ireland: Minister Donohoe removes broiler poultry farmers from VAT Flat Rate Addition scheme

FLI tests mobile One Health laboratory for diagnosing highly pathogenic pathogens
First vaccine against swine dysentery disease recommended for approval
USDA expands fruit pest quarantines in New York and California
Peru records 23.6% growth in agricultural export sales compared to 2024
China allows imports of rapeseed meal, soybean meal from Uruguay
 

LEADERSHIP

Study: Missing a deadline has a bigger impact than you might think

Employers prefer younger job candidates for AI roles although experienced workers perform same or better
Study finds workers misjudge wage markets
Some organizations may need to expand their hierarchical structures earlier than others
Study finds there's right way and wrong way to deliver negative feedback in workplace
Allyship is critical and its needs appreciation
 

CRIME

German court convicts four ex-Volkswagen managers of fraud in emissions scandal

EU fines carmakers €458 million for anti-recycling cartel
Commission fines Pierre Cardin and its licensee Ahlers €5.7 million for restricting cross-border sales of clothing
BHP, Vale agree to pay $30B damages for Brazil dam disaster
Commission fines České dráhy and Österreichische Bundesbahnen €48.7 million over collusion to exclude common compe
SEC charges Keurig with making inaccurate statements regarding recyclability of K-Cup beverage pod
 

Magazine

TRAVEL

Radisson Hotel Group debuts in the heart of Tunisia’s capital city, Tunis

Morocco’s first Radisson branded hotel opens in Casablanca
Buna channels, an unreal and beautiful part of Bosnia and Herzegovina
JW Marriott unveils Mindful Haven with opening of JW Marriott Hotel Nairobi
Sotheby's Sports Week returns with fantastic artifacts
Red Roof properties open in Michigan
 

SEA, LAND, AIR

Citroën C3 Aircross, the most affordable compact SUV with 7 seats

2025 Chevrolet Equinox stands apart with fresh looks and capability
Hill Helicopters HX50, luxury in the sky
Opel Movano becomes fully equipped camper van
Porsche Panamera, new hybrid variants
Dodge Charger, 670 horsepower of electric
 

DESIGN

Cold night, hot fire pit, cool entertainment

Embellish your home with PVC panels
You'll have to hurry if you want one of 20 new Louis Vuitton watches
Luxury duvet looks good, fells good and keeps you healthy
Vacheron Constantin, watches for life and more
Schüller kitchens, where functionality marries design
 

GADGETS

MESA/Boogie Celebrates 40-year partnership with John Petrucci

reMarkable 2, monochrome tablet for your thoughts and your eyes
OnePlus Ace 3V, first with Snapdragon 7 Plus Gen 3
ASUS Zenfone 11 Ultra, flagship with a reason
Samsung Galaxy S24 is photography powerhouse
Casette tapes are making a big comeback, and so are portable players
 

HEALTH

Bolivia declares national health emergency due to measles outbreak

Hong Kong researchers develop needle-free flu vaccine with broad protection
World's first vaccines that don't need refrigeration entered trials
First patient enrolled in Phase 1 clinical trial of Akiram’s cancer drug candidate
FDA grants marketing authorization of first home test for chlamydia, gonorrhea and trichomoniasis
Human cases of anthrax reported in western Mongolia
 

MEANTIME

Cost of keeping wind turbines out of sight

Mission to "weigh" all of Earth's forests from space launched
NASA's SPHEREx space telescope begins mapping entire sky
Russian academics, gas industry experts see undersea LNG transportation as feasible
India launches space docking experiment mission
World-first carbon-14 diamond battery made