The proposed order against Drizly, if finalized, would force the company to beef up its cybersecurity and limit its data collection practices, a common requirement in FTC privacy orders. But in a significant step, the FTC also specifically named the company’s CEO, James Cory Rellas, imposing what would be binding obligations on him and all of his future business activities, at Drizly or otherwise.
According to the FTC, Drizly — which Uber acquired last year — had been aware of its cybersecurity problems since 2018, after hackers gained access to Drizly employee credentials that then allowed them to use Drizly’s cloud computing accounts to mine cryptocurrency. In another incident in 2020, a hacker compromised Drizly’s corporate network and stole customer data. At least some of that personal data was then offered for sale on underground hacker forums, the FTC said.
I have experienced the fear of being identified. Amen