Stronger restrictions are being proposed by the Federal Trade Commission against alcoholic beverage delivery platform Drizly following a data breach in 2020 that compromised sensitive information from 2.5 million individuals, which federal regulators earlier attributed to the service's persistent security lapses, according to CNN.
Aside from compelling Drizly to bolster its cybersecurity measures and restrict data gathering, the proposal would also require the alcohol delivery service to delete collected customer data that is not required for its operations.
Moreover, Drizly CEO James Cory Rellas would be subjected to binding obligations for all business activities, even those unrelated to Drizly. Such an order has been proposed in light of FTC investigation that noted Drizly's awareness of its cybersecurity issues beginning in 2018, when the platform's cloud computing accounts have been compromised through the use of employee credentials. Drizly also had its corporate network infiltrated by threat actors who stole customer data in 2020.
"We take consumer privacy and security very seriously at Drizly, and are happy to put this 2020 event behind us," said a Drizly spokesperson.
Several recommendations have been given by the Department of Homeland Security to simplify federal cyber incident reporting rules in an effort to ensure no additional burdens to cyberattack-hit organizations, reports The Record, a news site by cybersecurity firm Recorded Future.
U.S. global consumer and professional products manufacturer Clorox has disclosed the possibility of product shortages and delays due to widespread operational disruption linked to a cyberattack last month, ABC News reports.