The online liquor market Drizly settled with the U.S. Federal Trade Commission (FTC) over a data breach that exposed information about 2.5 million people, the agency said Monday.
Under terms of the settlement, Drizly is required to destroy unnecessary data, restrict what it collects and requires Chief Executive James Rellas to follow certain data security practices.
The agency said that the company and Rellas were informed about security problems long before Drizly was hacked and failed to address the problems.
“We take consumer privacy and security very seriously at Drizly, and are happy to put this 2020 event behind us,” a Drizly spokesperson said in a statement.
Drizly, which offers liquor delivery in more than 30 states, is owned by Uber.
“Drizly & Rellas were alerted to security problems 2 years before the breach, yet they failed to act. Instead, they stored key information on an unsecured platform, didn’t monitor for security threats, and exposed customers to hackers & identity thieves,” FTC Chair Lina Khan tweeted on Monday.