05:58:21 PM
11 2023

USA: FTC finalises order against Drizly over data breach affecting 2.5M consumers

photo: reuters

View 2.6K

word 315 read time 1 minute, 34 Seconds

The Federal Trade Commission ('FTC') announced, on 10 January 2023, that it had finalised an order against Drizly, LLC, for violation of § 5(a) of the Federal Trade Commission Act ('the FTC Act'), due to security failures at Drizly which had led to a data breach exposing the personal information of approximately 2.5 million consumers, following the issuance of a proposed order on the same.

Background to the order

In particular, the FTC reported that Drizly had been alerted to security vulnerabilities two years prior to the 2020 breach, and yet failed to take steps to protect consumers' data from hackers despite publicly claiming to have appropriate security protections in place.

Findings of the FTC

More specifically, the FTC found that Drizly did not require employees to use two-factor authentication for GitHub, limit employee access to personal data, develop adequate written security policies, or train employees on those procedures.

Furthermore, the FTC noted that Drizly stored critical database information on an unsecured platform and neglected to monitor its network for security threats, as well as not putting a senior executive in charge of ensuring that Drizly was keeping its data secure, nor monitoring its network for unauthorised attempts to access or remove personal data. To this end, the FTC concluded that these failures allowed a malicious actor to access Drizly's consumer database and steal information relating to 2.5 million consumers.


Accordingly, the FTC's order, among other things, requires Drizly to:

  • destroy any personal data it collected that is not necessary for its specific purposes;
  • refrain from collecting or storing personal information unless it is necessary for specific purposes outlined in a retention schedule;
  • publicly detail on its website the information it collects and why such data collection is necessary; and
  • implement a comprehensive information security program and establish security safeguards.

You can read the announcement here and the finalised order here.

Source by Redazione

LSNN is an independent publisher that relies on reader support. We disclose the reality of the facts, after careful observations of the contents rigorously taken from direct sources. LSNN is the longest-lived portal in the world, thanks to the commitment we dedicate to the promotion of authors and the value given to important topics such as ideas, human rights, art, creativity, the environment, entertainment, Welfare, Minori, on the side of freedom of expression in the world «make us a team» and we want you to know that you are precious!

Dissemination* is the key to our success, and we've been doing it well since 1999. Transparent communication and targeted action have been the pillars of our success. Effective communication, action aimed at exclusive promotion, has made artists, ideas and important projects take off. Our commitment to maintain LSNN is enormous and your contribution is crucial, to continue growing together as a true team. Exclusive and valuable contents are our daily bread. Let us know you are with us! This is the wallet to contribute.

*Dissemination is the process of making scientific and technical information accessible to a non-specialist public. This can come through various forms, such as books, articles, lectures, television programs and science shows.

Similar Articles / USA: FTC...consumers
01 gen 1970