FTC accuses Drizly and its CEO of security flaws that revealed customers’ personal information

The Federal Trade Commission is investigating Drizly and its CEO, James Cory Rellas, over allegations that the security breach at Drizly exposed the personal information of about 2.5 million customers.

The FTC alleges that Drizly and Rellas were alerted to problems with the company’s data security protocols after an earlier security incident, when a Drizly employee posted the company’s cloud computing account login information on the software design and hosting platform GitHub in 2018.

As a result of this vulnerability, hackers were able to mine cryptocurrency on Drizly’s servers until the company changed its login information for its cloud computing account. Drizly did not properly address its security issues, despite publicly claiming to have taken adequate security precautions. A hacker broke into an employee account two years later and gained access to Drizly’s company-owned GitHub login information, hacked into the company’s database, and then stole customer information.

According to the FTC, Rellas needs to introduce improved security measures now and in the future wherever he works, and wants the company to eliminate unnecessary data, limit the amount of data it can collect and store, and bind Rellas to specific data security requirements for his role in presiding over illegal business practices.

“Our proposed order against Drizly not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company’s carelessness,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “CEOs who take shortcuts on security should take note.”

In addition, the company and its CEO must improve security controls, mandate multi-factor authentication, and provide security training to employees. The FTC will decide whether the proposed order is final after a 30-day public comment period.

The sources for this piece include an article in TheRegister.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web