Chegg sued by FTC over lax data security

Share post:

The U.S. Federal Trade Commission (FTC) has sued education technology company Chegg for exposing sensitive information of students and employees four times since 2017.

The FTC wants Chegg to improve data security by encrypting sensitive information, requiring multi-factor authentication for users and employees, limiting the amount of personal information collected and retained, allowing customers to access and delete their data, and training employees in security practices.

In addition, the FTC found that Chegg failed to notify all 40 million users and employees whose personal information was compromised during the four breaches, and has instructed the company to notify anyone whose information was compromised within the next 60 days.

If Chegg, an educational technology company, were classified in terms of security, it would almost certainly receive an F for having been hacked four times in the past five years. The first of which occurred in September 2017, when several employees were targeted in a phishing attack.

The second incident occurred in April 2018, when a former contractor used login information to gain access to Chegg Amazon S3 buckets containing millions of user data, forcing the company to reset the passwords of 40 million users after the data was put up for sale online, along with about 25 million plaintext passwords.

The third attack was when a Chegg executive’s credentials stolen in a phishing attack a year later. The threat actor gained access to the executive email inbox as well as personal information (including financial and medical information) of users and employees, leading to the third attack.

The fourth incident occurred a year later, when another Chegg employee fell victim to phishing, giving the attackers access to the payroll system and stealing the personal information of hundreds of employees.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

VMWare revenue drops by $600 million but Broadcom assures investors growth plan is on track

In its first full quarter under Broadcom's ownership, VMware's revenue fell by $600 million, dropping to $2.7 billion....

Apple faces backlash over recent ads

Apple is currently facing significant public backlash due to a controversial advertisement featuring a hydraulic press crushing various...

 Google executives face employee concerns amid profitsurge

At a recent all-hands meeting, Google employees voiced significant concerns regarding morale, cost-cutting measures, and the impact of...

Spotify CEO confesses to “rough times after layoffs” – stock price rises

In December, Spotify CEO Daniel Ek announced the largest round of layoffs in the company's history, cutting 1,500...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways