FTC Alleges EdTech Company Exposed Data of Millions
Chegg failed to establish basic security measures, exposing sensitive data of about 40 million customers and employees, the FTC alleged Monday in a proposed complaint against the education technology company. The commission voted 4-0 to issue a complaint against Chegg,…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
saying the company failed to fix data security problems despite experiencing four breaches since 2017. The agency didn’t issue a fine against the company, but Chegg faces civil penalties of $46,517 for each subsequent violation. The company stored personal data on the cloud in plain text and used weak, outdated encryption standards to protect user passwords until at least 2018, the FTC said. Despite three phishing attacks, the company didn’t implement a written security policy until January, the FTC said. The company must implement multifactor authentication and establish a comprehensive data security program documenting how it collects data and when to delete it. Attorneys for Chegg didn’t comment.