Chegg Inc. and the FTC’s Order Against Them Is a Wake-up Call for Data Privacy Strategy

 

The FTC’s order against Chegg is a wake-up call for businesses everywhere and their current data privacy strategy. Chegg Inc. (“Chegg”) has been punished by the Federal Trade Commission (FTC) for its “careless” cybersecurity practices that exposed the sensitive personal information of its customers and employees.

Chegg, according to the FTC’s complaint, stored customer data in plain text on its network. This data includes names, email addresses, Chegg usernames and passwords, shipping addresses, and answers to security questions. Employee information, such as names, Social Security numbers, bank account information, and driver’s license numbers, was also stored in plain text on Chegg’s servers. To top it off, Chegg stands accused of failing to secure its network properly, thus allowing a hacker to access Chegg’s network and steal private information.

According to the FTC, Chegg violated the Gramm-Leach-Bliley Act and the FTC Act by not securing its network and storing sensitive data plainly. As part of the settlement, Chegg will develop a comprehensive information security program and will obtain independent assessments of the program every two years. In addition, Chegg will be subject to FTC oversight for 20 years to come.

The FTC’s order against Chegg is a wake-up call, not only for educational technology companies in the education sector but also for school districts and schools public and private alike. The FTC order against Chegg was because of, as the FTC determined, failure to implement commercially reasonable security measures.

Sai Huda, CEO of CyberCatch, is a globally recognized risk and cybersecurity expert and author of the best-selling book “Next Level Cybersecurity.” He gives MarketScale his thoughts on why companies should pay attention to Chegg’s mistakes, and learn from them to ensure their business’s data stays private, but also, where Chegg went wrong, and how businesses can reform their strategies to meet commercially reasonable security measures.

Sai’s Thoughts:

“Chegg had multiple phishing attacks that were successful. Chegg had other deficiencies that attackers exploited to steal over 40 million students and consumers’ data, which included parents and finally, the FTC said Enough is enough. So the question is, what do commercially reasonable security measures mean when FTC describes them?

It is really complying with a standard such as NIST cybersecurity framework. There are 108 controls, and this is really what educational technology companies minimally must implement and comply with, but also school districts and schools public and private alike should really implement those 108 controls.

These controls are prevention, detection, and response. That is an adequate defense and that will enable schools or even technology companies to be able to make the assertion that it has implemented commercial and reasonable security measures.

Follow us on social media for the latest updates in B2B!

Image

Latest

LodgIQ
Olde Mill Inn Leveraging Maestro All-In-One PMS and LodgIQ AI Integration to Wow Guests, Drive Revenues
November 5, 2024

The popular central New Jersey wedding and social event destination is making data-driven decisions, maximizing its revenue potential, and connecting with guests in more strategic ways. MARKHAM, Ontario, Nov. 5, 2024 — Maestro, the hotel industry’s leading Web Browser-based cloud and on-premises All-In-One property-management system, teamed with preeminent commercial strategy platform LodgIQ to improve operations,…

Read More
luxury residential technology
Kaleidoscape Takes Luxury Residential Technology to New Heights
November 4, 2024

Home automation and luxury residential technology are reaching new heights of sophistication. Previously centered on isolated home theater rooms, this industry now integrates smart features and high-quality audiovisual setups throughout entire homes. In a market once dominated by high-cost, integrator-managed installations, shifts toward accessible DIY technology and e-commerce have introduced new options for consumers….

Read More
DCS and IMI Unite for a Stronger Future
DCS and IMI Unite for a Stronger Future
November 4, 2024

In the latest episode of On Time In Full, host Gabrielle Bejarano sits down with Seth Taylor, Executive Vice President of Operations at Designed Conveyor Systems (DCS), and Mike Smith, Vice President of Operations at IMI Industrial. The conversation centers around the recent acquisition of IMI by DCS, a strategic move aimed at expanding…

Read More
the people business
The People Business: A Model For the Future? Land Rehabilitation & Workforce Training
November 4, 2024

In this episode of The Apple One Podcast’s The People Business series, host Brett Howroyd dives into Buffalo, New York’s revitalization efforts, highlighting transformative work in brownfield redevelopment and workforce training. With insights from Stephen Tucker, CEO of the Northland Workforce Training Center, and Peter Cammarata, former president of the Buffalo Urban Development Corporation (BUDC),…

Read More