The breach occurred in 2020, when an unauthorized party accessed an employee GitHub account and took a series of steps to eventually steal customer data. “CEOs who take shortcuts on security should take note.”ĭrizly is a subsidiary of Uber Technologies, where a former chief security officer was found guilty earlier this month of covering up a data breach and misleading the FTC in a separate case.ĭrizly and Rellas “engaged in a number of unreasonable security practices” that allowed hackers to download the personal information of millions of consumers the company stored, the FTC alleged in its analysis of its proposed consent order. “Our proposed order against Drizly not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company’s carelessness,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection, in a press release. The agency highlighted the inclusion of Drizly CEO James Cory Rellas in its proposed order for his role in presiding over the company’s alleged security failures. In April, FTC Chair Lina Khan said it is time for the agency to “reassess” rules around what data companies can collect from consumers, calling for a new approach to consumer data protection to replace companies’ privacy policies on collection and use of consumer data.The proposed order, released Monday, will be printed in the Federal Register and subjected to a 30-day comment period, after which the FTC may decide to accept it and make it final or withdraw from it. “Notably, the order applies personally to Rellas, who presided over Drizly’s lax data security practices as CEO,” FTC said in the release, noting that the proposed order will follow Rellas if he leaves Drizly. Under the proposed FTC order, Drizly and Rellas are required to destroy unnecessary data, limit future data collection, and implement an information security program, according to the release. Two years later - after Drizly failed to adequately address its security problems - a hacker stole customers’ information, the release stated, citing the FTC’s complaint. “CEOs who take shortcuts on security should take note.”Ī Drizly spokesperson told PYMNTS via email: “We take consumer privacy and security very seriously at Drizly and are happy to put this 2020 event behind us.”ĭrizly and Rellas were alerted to the company’s data security problems in 2018 when hackers took advantage of a security breakdown and used its servers to mine for cryptocurrency until the company changed its login information. “Our proposed order against Drizly not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company’s carelessness,” FTC Bureau of Consumer Protection Director Samuel Levine said in the release. The data breach exposed the personal information of 2.5 million customers of Drizly, which is a subsidiary of Uber, the FTC said Monday (Oct. The Federal Trade Commission ( FTC ) is taking action against both online alcohol marketplace Drizly and its CEO, James Cory Rellas, pointing to allegations that they were alerted to data security problems but failed to improve the company’s procedures before a data breach took place two years later in 2020.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |