FTC slaps down Drizly CEO after 2.4m user records stolen from 'careless' booze app biz
The proposed crackdown also requires Drizly and Rellas to destroy any personal data the biz has retained that's not necessary for providing products or services to customers, and prevents the company from collecting this type of unnecessary customer information going forward.
According to the complaint, Drizly continued to fumble its IT defenses, and in 2020 these shortcomings led to a miscreant stealing a copy of its customer data. Names, email addresses, postal addresses, phone numbers, unique device identifiers, order histories, partial payment information, geolocation information, and consumer data purchased from third partiesThe FTC complaint singles out Rellas for this clusterfsck, stating the big cheese was"responsible for this failure, as he did not implement, or properly delegate the responsibility to implement, reasonable information security practices.
However, not everyone — and not even all of the regulator's commissioners — agrees that holding CEOs' feet to the fire is the right approach. "I'm afraid the FTC has opened up a Pandora's box without fully contemplating the long-term effects down the road," he told"Moreover, it's not clear whether the FTC has a process for individuals to contest these sorts of personal decisions, since it looks like it will follow them for the rest of their lives."