WASHINGTON (Reuters) – The online liquor market Drizly settled with the U.S. Federal Trade Commission (FTC) over a data breach that exposed information about 2.5 million people, the agency said Monday.
Under terms of the settlement, Drizly is required to destroy unnecessary data, restrict what it collects and requires Chief Executive James Rellas to follow certain data security practices.
The agency said that the company and Rellas were informed about security problems long before Drizly was hacked and failed to address the problems.
Drizly, which offers liquor delivery in more than 30 states, is owned by Uber. Neither company immediately responded to a request for comment.
“Drizly & Rellas were alerted to security problems 2 years before the breach, yet they failed to act. Instead, they stored key information on an unsecured platform, didn’t monitor for security threats, and exposed customers to hackers & identity thieves,” FTC Chair Lina Khan tweeted on Monday.
(Reporting by Diane Bartz; Editing by Bill Berkrot)