The Alcohol Delivery Service Drizly Will Pay $7.1 Million in a Data Breach Settlement
Data breaches are on the rise, and with a rise in breaches comes an accompanying increase in data breach litigation. A recent class action settlement involving the largest online alcohol marketplace in North America, with retail partners in more than 1,400 cities, underscores how all companies across industries are impacted by this trend.
First, let’s look at the (alleged) facts. Drizly is a company that operates an online e-commerce platform that facilitates the delivery of alcoholic beverages from local retailers. The litigation, Barr v. Drizly, LLC, Case No. 1:20-cv-11492 (D. Mass.), concerned a data event which Plaintiffs allege resulted in consumers’ information, including at least email addresses, dates of birth, hashed passwords, delivery addresses, phone numbers, and IP addresses, to be improperly exposed to third parties on the dark web. The data event was allegedly the result of a targeted attack that occurred around February 2020 but was not identified by Drizly until the end of July 2020.
