Your data really isn't safe anywhere, as edtech company Chegg is under investigation from the Federal Trade Commission (FTC) for potentially negligent protection of sensitive user data.
The poor security practices date back to 2017 and may have left valuable information like names, email addresses, and passwords open to hackers. Even more sensitive data may have been exposed as well, like religion, sexual orientation and parents' income ranges.
With security breaches and online privacy becoming an increasingly troubling topic in the tech world, understanding how to protect yourself can go a long way in ensuring your data is actually secure.
FTC Investigating Chegg for “Careless” Storage of User Data
According to a press release from the FTC, the agency plans to take action against edtech company Chegg for its “careless” collection and storage of its 40 million users' data.
“Chegg took shortcuts with millions of students’ sensitive information. Today’s order requires the company to strengthen security safeguards, offer consumers an easy way to delete their data, and limit information collection on the front end. The Commission will continue to act aggressively to protect personal data.” – Samuel Levine, Director of the FTC’s Bureau of Consumer Protection.
To make matters worse, Chegg collected some intensely sensitive data, including religious affiliation, sexual orientation, and even parental income. This puts the lax data protection measures in context as a serious problem to be addressed.
“Even the Chegg employee in charge of cybersecurity described the data gathered as part of its scholarship search service as ‘very sensitive.'” – Lesley Fair, Senior Attorney at the FTC
As for exactly what Chegg did wrong, the FTC noted that Chegg failed to implement basic security measures, stored information insecurely, and didn't develop adequate security policies and training. The investigation means that Chegg will have to substantially shore up its security, as well as likely pay a fine in the near future.
The Importance of Protecting Business Data
You don't have to be storing extremely sensitive data like income and sexual orientation to be wary about your own business data protection. In fact, if you store any data at all, be it employee names or addresses, you could be in the FTC crosshairs for not protecting it properly.
The FTC isn't just looking to fine businesses for no reason either. The reality is that security breaches have a dramatically negative effect on businesses, with the average costing owners approximately $10 million per breach. Suffice it to say, there isn't a small business in the world that can shoulder that cost for weak data protection.
Even worse is how these security breaches happen. Sometimes, it can be as simple as a weak password, which leads to a company-wide breach that can cause some serious problems, like Fast Company experienced last month. Your best bet at protecting yourself there is a password manager, which can store secure passwords for you and let you know when one has been compromised.