The authoritative news source for communications regulation

FTC Alleges EdTech Company Exposed Data of Millions

Chegg failed to establish basic security measures, exposing sensitive data of about 40 million customers and employees, the FTC alleged Monday in a proposed complaint against the education technology company. The commission voted 4-0 to issue a complaint against Chegg,…

Start A Trial
saying the company failed to fix data security problems despite experiencing four breaches since 2017. The agency didn’t issue a fine against the company, but Chegg faces civil penalties of $46,517 for each subsequent violation. The company stored personal data on the cloud in plain text and used weak, outdated encryption standards to protect user passwords until at least 2018, the FTC said. Despite three phishing attacks, the company didn’t implement a written security policy until January, the FTC said. The company must implement multifactor authentication and establish a comprehensive data security program documenting how it collects data and when to delete it. Attorneys for Chegg didn’t comment.