FTC Alleges EdTech Company Exposed Data of Millions
Chegg failed to establish basic security measures, exposing sensitive data of about 40 million customers and employees, the FTC alleged Monday in a proposed complaint against the education technology company. The commission voted 4-0 to issue a complaint against Chegg,…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
saying the company failed to fix data security problems despite experiencing four breaches since 2017. The agency didn’t issue a fine against the company, but Chegg faces civil penalties of $46,517 for each subsequent violation. The company stored personal data on the cloud in plain text and used weak, outdated encryption standards to protect user passwords until at least 2018, the FTC said. Despite three phishing attacks, the company didn’t implement a written security policy until January, the FTC said. The company must implement multifactor authentication and establish a comprehensive data security program documenting how it collects data and when to delete it. Attorneys for Chegg didn’t comment.