Ed tech firm Chegg faces FTC charges over data breaches

Major U.S. education technology company Chegg has been sued by the HYPERLINK "https://www.scmagazine.com/brief/compliance/alcohol-delivery-service-drizly-subjected-to-ftc-action-following-2020-breach" Federal Trade Commission for the exposure of millions of its customers' and employees' data from four different data breaches from 2017 to 2020, which stemmed from the company's cybersecurity lapses, according to TechCrunch. FTC has alleged that Chegg had Amazon-hosted storage accessible by employees and third-party contractors that enabled hackers to exfiltrate 40 million customer records in 2018. The other three breaches involved successful phishing attacks against Chegg employees, which resulted in the exposure of customers' and employees' medical and financial details, as well as their Social Security numbers. Such breaches have stemmed from Chegg's utilization of a single login for databases that have been impacted by the attacks, as well as the ed tech firm's plaintext storage of user and employee data, absence of multifactor authentication, and lack of network monitoring, "Chegg took shortcuts with millions of students sensitive information. Todays order requires the company to strengthen security safeguards, offer consumers an easy way to delete their data, and limit information collection on the front end. The Commission will continue to act aggressively to protect personal data," said FTC Bureau of Consumer Protection Director Samuel Levine.