On Friday, The Federal Trade Commission finalized its order with education technology provider Chegg Inc. for its careless data security practices that exposed sensitive information about millions of Chegg’s customers and employees, including Social Security numbers, email addresses, and passwords.
In a complaint first announced in October 2022, the FTC said that Chegg failed to protect the personal information it collected from users and employees. For example, the company stored users’ personal data on its cloud storage databases in plain text and, until at least 2018, employed outdated and weak encryption to protect user passwords. As a result of its poor data security, Chegg experienced four data breaches that exposed the personal information of about 40 million users and employees, including users’ email addresses and sensitive scholarship data such as their dates of birth, sexual orientation and disabilities, as well as financial and medical information about Chegg employees.
The FTC’s order requires Chegg to implement a comprehensive information security program, limit the data the company can collect and retain, offer users multifactor authentication to secure their accounts, and allow users to request access to and deletion of their data.
After receiving only one substantive comment, the Commission voted 4-0 to finalize the order with Chegg and send a letter to the commenter.
For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News.
Thanks for visiting! Looking for some Chester County pride? We got you covered! Shop our MyChesCo store and show your love for Chester County, Pennsylvania. We got shirts, hats, and more – all with a unique ChesCo flair. Plus, proceeds from each purchase helps support our mission of bringing reliable information and resources to the people of Chester County.