![]() ![]() failed to monitor and terminate employee and contractor access even after they no longer needed such access.failed to protect access to its GitHub account through multifactor authentication.The FTC’s complaint accused Drizly of failing to implement reasonable information security practices to protect customers’ personal information. In 2020, a breach occurred again when an intruder similarly gained access to AWS credentials through the unsecured GitHub repository.ĭrizly’s Alleged Unreasonable Security Practices An intruder, who was able to infiltrate Drizly’s GitHub’s repository using the executive’s passwords, found AWS credentials in the repository. ![]() In 2018, Drizly experienced a security breach after allegedly allowing a Drizly executive to access the GitHub repository for an event and failing to terminate that executive’s access. To facilitate developers’ collaboration, Drizly allegedly also used the GitHub software platform, an unsecured “repository,” in which Drizly stored not only the company’s projects but also AWS credentials that provide access to its customers’ passwords. According to the complaint, Drizly, in its course of business, collected and stored customers’ personal information on Amazon Web Services (AWS)’s cloud computing service, such as customers’ email, passwords, geolocation information, and postal addresses. This alert provides a summary and analysis of the FTC’s complaint, the proposed order, and the key takeaways.īackground Leading to Drizly’s Breach IncidentĪ subsidiary of Uber, Drizly operates an online alcohol marketplace that allows local retailers to sell alcohol online to consumers of legal drinking age. The order is noteworthy in that it 1) personally names and requires Drizly’s CEO to implement an information security program, even if he moves to a different company, and 2) demands that Drizly implement data minimization practices, such as deleting all data not used for serving its products and services. On October 24, 2022, the Federal Trade Commission (FTC) announced a proposed consent order against Drizly and its CEO, James Cory Rellas, over the online alcohol marketplace company’s data breach incident in 2020, which exposed personal information of about 2.5 million customers. By Christopher Olsen and Yeji Kim on OctoPosted in Privacy ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |