In an incident in 2018, a former Chegg contractor gained entry to certainly one of its third-party cloud databases, exposing private info equivalent to names, electronic mail addresses and passwords. extra faith, sexual orientation, disabilities and parental revenue. A few of the stolen information was later discovered on the market on-line. Officers additionally mentioned Chegg did not have a written security policy until January 2021 and failed to offer enough security coaching to its workers.
Information stolen by a former Chegg contractor was later discovered on the market on-line
Now, the FTC says that for all of the breaches, Chegg’s inadequate cybersecurity practices resulted within the information publicity of roughly 40 million customers. Chegg has agreed to honor an FTC proposed order to enhance its information safety, which can see the corporate implement multi-factor authentication, present safety coaching to workers, encrypt consumer information and permit clients to entry their information and delete them from the platform.
In an announcement offered to The New York Occasions, Chegg mentioned information privateness was a prime precedence for the corporate and that solely a small share of customers offered information about their faith and sexual orientation as half of a school scholarship search operate. “Chegg is totally dedicated to defending consumer information and has labored with respected privateness organizations to boost our safety measures and can proceed our efforts,” the assertion mentioned.
“Chegg took shortcuts with tens of millions of delicate pupil info,” mentioned Samuel Levine, director of the FTC’s Client Safety Bureau. “At this time’s order requires the corporate to strengthen safety measures, present shoppers with a simple approach to delete their information, and restrict upstream info assortment. The Fee will proceed to behave aggressively to guard private information.