This Edtech Company May Have Compromised Data of 40 Million Users

The company collected a wide range of highly sensitive data and then used "careless" security practices to protect it.

Your data really isn’t safe anywhere, as edtech company Chegg is under investigation from the Federal Trade Commission (FTC) for potentially negligent protection of sensitive user data.

The poor security practices date back to 2017 and may have left valuable information like names, email addresses, and passwords open to hackers. Even more sensitive data may have been exposed as well, like religion, sexual orientation and parents’ income ranges.

With security breaches and online privacy becoming an increasingly troubling topic in the tech world, understanding how to protect yourself can go a long way in ensuring your data is actually secure.

FTC Investigating Chegg for “Careless” Storage of User Data

According to a press release from the FTC, the agency plans to take action against edtech company Chegg for its “careless” collection and storage of its 40 million users’ data.

“Chegg took shortcuts with millions of students’ sensitive information. Today’s order requires the company to strengthen security safeguards, offer consumers an easy way to delete their data, and limit information collection on the front end. The Commission will continue to act aggressively to protect personal data.” – Samuel Levine, Director of the FTC’s Bureau of Consumer Protection.

To make matters worse, Chegg collected some intensely sensitive data, including religious affiliation, sexual orientation, and even parental income. This puts the lax data protection measures in context as a serious problem to be addressed.

“Even the Chegg employee in charge of cybersecurity described the data gathered as part of its scholarship search service as ‘very sensitive.'” – Lesley Fair, Senior Attorney at the FTC

As for exactly what Chegg did wrong, the FTC noted that Chegg failed to implement basic security measures, stored information insecurely, and didn’t develop adequate security policies and training. The investigation means that Chegg will have to substantially shore up its security, as well as likely pay a fine in the near future.

The Importance of Protecting Business Data

You don’t have to be storing extremely sensitive data like income and sexual orientation to be wary about your own business data protection. In fact, if you store any data at all, be it employee names or addresses, you could be in the FTC crosshairs for not protecting it properly.

The FTC isn’t just looking to fine businesses for no reason either. The reality is that security breaches have a dramatically negative effect on businesses, with the average costing owners approximately $10 million per breach. Suffice it to say, there isn’t a small business in the world that can shoulder that cost for weak data protection.

Even worse is how these security breaches happen. Sometimes, it can be as simple as a weak password, which leads to a company-wide breach that can cause some serious problems, like Fast Company experienced last month. Your best bet at protecting yourself there is a password manager, which can store secure passwords for you and let you know when one has been compromised.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Conor is the Lead Writer for Tech.co. For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at conor@tech.co.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals