The Federal Trade Commission has announced that it would be pursuing action against Boston-based Uber subsidiary Drizly. The company delivers beer, wine, and spirits in stats where it is legal, and boasts partnerships with retailers in hundreds of US cities. The group has agreed to tighten its security practices and limit data collection after an alleged breach that exposed the personal information of roughly 2.5 million customers. The Federal Trade Commission has alleged that the group’s security failures led to the data breach after the FTC notified the company of security problems two years before the breach occurred. The FTC claims that Drizly and its CEO James Cory Rellas failed to address the concerns.
Drizly has agreed to initiate a comprehensive data security program and establish additional security safeguards that will protect against future breaches or leaks. In addition, the company will limit data collection and storage in the future as well as destroy unnecessary data previously held by the company. Drizly collects and stores data such as email and postal addresses, phone numbers, and geolocation information.