FTC alleges Chegg ed tech company exposed data of 40 million users

Spread the love

The Federal Trade Commission has filed a complaint against Chegg, accusing the education tech provider of “careless” security practices that compromised personal data since 2017. The company reportedly exposed sensitive info for roughly 40 million customers in 2018 due to a former contractor accessing a third-party database using their login credentials. This included names, email addresses, passwords, and even personal details like religion, sexual orientation, and parents’ income ranges. The information was later found for sale on the online black market.

Security Lapses and Allegations

The FTC alleges that Chegg failed to implement “commercially reasonable” safeguards, allowing employees and contractors to use a single sign-in, lacking multi-factor authentication, and not scanning for threats. Personal data was stored in plain text and encrypted with outdated and weak methods. Additionally, Chegg did not have a written security policy until 2021 and did not provide sufficient security training despite previous phishing attacks.

Response and Compliance

Chegg has agreed to comply with a proposed order from the FTC to address these issues. The company will define the information it collects, limit the scope of collection, implement multi-factor authentication, and establish a comprehensive security program with encryption and training. Customers will have access to their data and can request its deletion. Chegg insists that data privacy is a top priority and has cooperated with the FTC to improve its security practices.

FTC alleges Chegg ed tech company exposed data of 40 million users

Security Lapses and Allegations

Response and Compliance

EU regulators drop some serious AI rules

EU regulators hold off on announcing penalties for Apple and Meta before US trade talks, reports say

Spotify accuses Apple of messing with its new audiobook project

Steam Families integrates game sharing and parental controls into a single platform.

EU regulators drop some serious AI rules

EU regulators hold off on announcing penalties for Apple and Meta before US trade talks, reports say

Spotify accuses Apple of messing with its new audiobook project

X’s Quest to Prove Innocence in Removing CSAM from its Site

Pokémon Scarlet and Violet: Catching Monsters with a Twist

Trump Admin Plans to Charge $100k for H-1B Visas, but Chill, It’s Just a One-Time Deal

“Former Facebook Lobbyist Assumes Leadership of EU’s Facebook Oversight Committee!”

China completes investigation of Google’s Android operating system for antitrust violations.

Google levels up its battle against revenge porn with assistance from a UK nonprofit

Steam Families integrates game sharing and parental controls into a single platform.

The Epic Encounter: When Metroidvania Meets Space Horror

Acer’s cloud gaming Chromebook demonstrates robust performance as a laptop, regardless of gaming activity.

Diablo IV to add new class in late 2024 expansion

Engadget Podcast: Apple’s new iPads are giving us a headache

EU regulators drop some serious AI rules

EU regulators hold off on announcing penalties for Apple and Meta before US trade talks, reports say

Spotify accuses Apple of messing with its new audiobook project

X’s Quest to Prove Innocence in Removing CSAM from its Site

Uber introduces new feature to enhance safety for female riders and drivers in the United States

The Federal Trade Commission initiates efforts to oversee data security and surveillance technology.

Security Lapses and Allegations

Response and Compliance

More Stories