In a 2018 incident, a former Chegg contractor gained access to one of its third-party cloud databases, revealing personal information such as names, email addresses and passwords, in addition to parents’ religion, sexual orientation, disabilities and income. Some of the stolen data was later found for sale online. Officials also said: Chegg didn’t have a written security policy until January 2021 and has failed to provide adequate safety training to its employees.
Data stolen by an ex-Chegg contractor was later found for sale online
Now, the FTC says Chegg’s inadequate cybersecurity practices in all breaches have resulted in the disclosure of data for about 40 million users. Chegg has agreed to honor a proposed order from the FTC to improve data security, whereby the company will implement multi-factor authentication, provide security training to employees, encrypt user data, and allow customers to access and delete their data from the platform.
In a statement provided to The New York TimesChegg said data privacy was a top priority for the company and only a small percentage of users had provided data about their religion and sexual orientation as part of a scholarship discovery feature. “Chegg is fully committed to protecting users’ data and has worked with reputable privacy organizations to improve our security measures and will continue our efforts,” the statement said.
“Chegg took shortcuts with the sensitive information of millions of students,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “Today’s order requires the company to strengthen security safeguards, provide consumers with an easy way to delete their data, and limit information-gathering up front. The Commission will continue to act aggressively to protect personal data.”
Janice has been with businesskinda for 5 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider businesskinda team, Janice seeks to understand an audience before creating memorable, persuasive copy.