FTC Finalizes Consent Order with Drizly Following Security Breach Affecting 2.5 Million Customers

Lori Kalani, Bernard Nash
Cozen O'Connor
Contact
LinkedIn
Facebook
X
Send
Embed

Cozen O'Connor

  • The FTC finalized a consent order with Drizly, LLC and a related individual (collectively, “Drizly”) regarding alleged violations of the FTC Act. Drizly operates an e-commerce platform that allows local retailers to sell alcohol to consumers and facilitate its delivery.
  • According to the FTC’s complaint, Drizly failed to use appropriate information security practices to protect consumers’ personal information. The FTC claims that Drizly’s alleged security flaws allowed a malicious actor to access Drizly’s consumer database and steal information relating to 2.5 million consumers.
  • Under the terms of the consent order, Drizly must undertake data minimization efforts, refrain from collecting or storing unnecessary personal information, set appropriate data retention limits for any necessary personal information collected, implement a comprehensive information security program that provides, among other things a multi-factor authentication option for consumers, and obtain biennial third party information security assessments for 20 years.

Written by:

Cozen O'Connor
Cozen O'Connor
Contact
more
less

Cozen O'Connor on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide