The online liquor market Drizly — owned by Uber — has settled with the U.S. Federal Trade Commission (FTC) over a data breach that exposed information about 2.5 million people in 2020.
Drizly is required to destroy unnecessary data, restrict what it collects and requires Chief Executive James Rellas to follow certain data security practices.
The FTC said that the company and Rellas were informed about security problems long before Drizly was hacked and failed to address the problems.
“We take consumer privacy and security very seriously at Drizly, and are happy to put this 2020 event behind us,” a Drizly spokesperson said in a statement.
Drizly, which offers liquor delivery in more than 30 states, is owned by Uber.
“Drizly and Rellas were alerted to security problems 2 years before the breach, yet they failed to act. Instead, they stored key information on an unsecured platform, didn’t monitor for security threats, and exposed customers to hackers and identity thieves,” FTC Chair Lina Khan tweeted on Monday.