PYMNTS-MonitorEdge-May-2024

FTC Takes Action Against EdTech Provider Chegg After Data Breaches

FTC

The Federal Trade Commission (FTC) is taking action against educational technology provider Chegg, saying the firm experienced four data security breaches since 2017 but allegedly failed to improve its security practices.

The security breaches exposed Social Security numbers, email addresses, passwords and other sensitive information about millions of Chegg customers and employees, theFTC said Monday (Oct. 31) in a press release.

In some cases, this included medical information as well as details about religious denominations, heritage, sexual orientation and disabilities that Chegg gathered as part of its scholarship search services, the release stated.

“Chegg took shortcuts with millions of students’ sensitive information,” Samuel Levine, director of the FTC’s Bureau of Consumer protection, said in the release. “Today’s order requires the company to strengthen security safeguards, offer consumers an easy way to delete their data, and limit information collection on the front end.”

The FTC complaint alleges that Chegg failed to implement basic security measures, stored information insecurely and failed to develop adequate security policies and training, according to the press release.

As part of the proposed order, Chegg will be required to detail and limit its data collection, provide its customers access to data collected about them, allow them to request that the company delete the data, provide multifactor authentication to customers and employees, and implement a comprehensive information security program, the release stated.

A Chegg spokesperson told PYMNTS via email that Chegg worked cooperatively with the FTC on these matters and will comply with the mandates outlined in the administrative order.

The spokesperson added that the issues occurred more than two years ago and that no monetary fines were assessed.

“We believe our positive negotiations with the FTC are indicative of our current robust security practices, as well as our efforts to continuously improve our security program,” the Chegg spokesperson said. “Chegg is wholly committed to safeguarding users’ data and has worked with reputable privacy organizations to improve our security measures and will continue our efforts.”

The FTC announcement comes one week after the commission took action against both online alcohol marketplace Drizly and its CEO, James Cory Rellas, in response to allegations that they were alerted to data security problems but failed to improve the company’s procedures before a data breach took place two years later in 2020.

PYMNTS-MonitorEdge-May-2024