Live: 300+ Best Black Friday Deals Live: Black Friday TV Deals BF Deals Under $25 BF Deals Under $50 5 BF Splurges 8 BF Must-Haves 15 Weird Amazon BF Deals BF Cheat Sheet
Want CNET to notify you of price drops and the latest stories?
No, thank you
Accept

FTC Takes Action Against Drizly for 2020 Data Breach

The alcohol delivery company agrees to tighten data security practices amid allegations it knew of security lapses two years before a hacker stole 2.5 million customers' personal information.

Drizly bag and bottles and cans of alcohol
Drizly

Drizly has agreed to tighten its data security practices after federal regulators accused the alcohol delivery company and its CEO of security lapses related to a 2020 data breach that exposed the personal information of 2.5 million customers.

The Federal Trade Commission said Monday it had reached a proposed consent agreement with Drizly, a Boston-based subsidiary of Uber that offers delivery of beer, wine and other alcoholic spirits to consumers of legal drinking age. The FTC alleged that the company and its CEO, James Cory Rellas, were alerted to security problems two years before the 2020 breach yet failed to act to protect consumers' data.

The proposed order limits the information the company can collect and retain and requires Drizly to implement a comprehensive data security program and destroy unnecessary data. The FTC said the proposed order also binds Rellas to specific data security requirements "for his role in presiding over unlawful business practices."

"Our proposed order against Drizly not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company's carelessness," Samuel Levine, director of the FTC's Bureau of Consumer Protection, said in the statement. "CEOs who take shortcuts on security should take note."

In 2020, Drizly confirmed that a hacker had obtained some customers' personal data, including emails, date-of-birth information, passwords and, in some cases, addresses.

"We take consumer privacy and security very seriously at Drizly, and are happy to put this 2020 event behind us," a Drizly spokesperson said in a statement.

Uber bought Drizly for $1.1 billion 2021.

Read more: Best Alcohol Delivery Services for 2022