FTC Gives Chegg an 'F' for Careless Cybersecurity Impacting 40M Students
Ed-tech company Chegg is ordered by FTC to secure its systems after repeated breaches that exposed tens of millions of users' personal data.
The Chegg educational technology company has been ordered by the Federal Trade Commission to get its cybersecurity in order after four separate data breaches exposed the sensitive data of about 40 million customers and employees.
The FTC accuses the company of failing to adhere to basic security measures like two-factor authentication, while also insecurely storing personal data in the cloud, failing to implement a security policy, and skipping employee training altogether.
As a result of the FTC complaint, Chegg will now be required to limit data collection and delete old stored data, provide consumers with the option to delete data or opt out of collection, implement multifactor authentication, and develop a comprehensive information security program.
“Chegg took shortcuts with millions of students' sensitive information," Samuel Levine, director of the FTC's Bureau of Consumer Protection, said in a statement about the action. "Today's order requires the company to strengthen security safeguards, offer consumers an easy way to delete their data, and limit information collection on the front end. The Commission will continue to act aggressively to protect personal data."
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024