Security News > 2022 > October > FTC slaps down Drizly CEO after 2.4m user records stolen from 'careless' booze app biz

Analysis Drizly CEO James Cory Rellas is in the firing line after his company exposed about 2.5 million customers' personal information in a computer security blunder.

The company and its CEO must put better security controls in place, require employees to use multi-factor authentication, and provide security training for its employees.

"We take consumer privacy and security very seriously at Drizly, and are happy to put this 2020 event behind us," a Drizly spokesperson told The Register.

While the data snafu occurred in 2020, the FTC's complaint [PDF] against the biz stated the security failings date back to at least 2018, when a Drizly employee posted on GitHub login details for the company's Amazon cloud computing resources.

The action is part of the watchdog agency's "Aggressive efforts" to protect private data and ensure that "Careless CEOs learn from their data security failures," according to the FTC's press release.

While holding a chief executive accountable for a security breach is "a slippery slope," according to Brian Mannion, chief legal and data protection officer at Aware, the FTC action may mean additional power - or at least a bigger budget - for chief information security officers.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/26/ftc_blames_ceo_drizly_breach/