Chegg Inc. and the FTC’s Order Against Them Is a Wake-up Call for Data Privacy Strategy

MarketScale
Dec 8, 2022
Learn more
Chegg data breach data privacy FTC

 

The FTC’s order against Chegg is a wake-up call for businesses everywhere and their current data privacy strategy. Chegg Inc. (“Chegg”) has been punished by the Federal Trade Commission (FTC) for its “careless” cybersecurity practices that exposed the sensitive personal information of its customers and employees.

Chegg, according to the FTC’s complaint, stored customer data in plain text on its network. This data includes names, email addresses, Chegg usernames and passwords, shipping addresses, and answers to security questions. Employee information, such as names, Social Security numbers, bank account information, and driver’s license numbers, was also stored in plain text on Chegg’s servers. To top it off, Chegg stands accused of failing to secure its network properly, thus allowing a hacker to access Chegg’s network and steal private information.

According to the FTC, Chegg violated the Gramm-Leach-Bliley Act and the FTC Act by not securing its network and storing sensitive data plainly. As part of the settlement, Chegg will develop a comprehensive information security program and will obtain independent assessments of the program every two years. In addition, Chegg will be subject to FTC oversight for 20 years to come.

The FTC’s order against Chegg is a wake-up call, not only for educational technology companies in the education sector but also for school districts and schools public and private alike. The FTC order against Chegg was because of, as the FTC determined, failure to implement commercially reasonable security measures.

Sai Huda, CEO of CyberCatch, is a globally recognized risk and cybersecurity expert and author of the best-selling book “Next Level Cybersecurity.” He gives MarketScale his thoughts on why companies should pay attention to Chegg’s mistakes, and learn from them to ensure their business’s data stays private, but also, where Chegg went wrong, and how businesses can reform their strategies to meet commercially reasonable security measures.

Sai’s Thoughts:

“Chegg had multiple phishing attacks that were successful. Chegg had other deficiencies that attackers exploited to steal over 40 million students and consumers’ data, which included parents and finally, the FTC said Enough is enough. So the question is, what do commercially reasonable security measures mean when FTC describes them?

It is really complying with a standard such as NIST cybersecurity framework. There are 108 controls, and this is really what educational technology companies minimally must implement and comply with, but also school districts and schools public and private alike should really implement those 108 controls.

These controls are prevention, detection, and response. That is an adequate defense and that will enable schools or even technology companies to be able to make the assertion that it has implemented commercial and reasonable security measures.

Follow us on social media for the latest updates in B2B!

Image

Latest

verizon business assistant
Boost Customer Satisfaction with Verizon Business Assistant
March 6, 2025

Keeping customers happy is crucial for any business, but managing interactions can be overwhelming. Enter Verizon Business Assistant, an AI-powered service designed to streamline customer communication using a simple yet effective tool — text messages. Unlike traditional chatbots, Verizon Business Assistant learns the ins and outs of your business, answering top customer questions with speed…

Read More
Email Marketing
The Science of Email Success: Secrets to Higher Open and Conversion Rates
March 6, 2025

Email marketing is often underestimated, yet it remains one of the most powerful tools for businesses to engage with their audience. Research shows that for every $1 spent on email marketing, an average return of $42 is expected. However, many professionals misunderstand what email can truly accomplish and fail to harness its full potential….

Read More
data center sector
Data Center Sector Opens Doors for Non-Traditional Career Seekers
March 3, 2025

The data center sector is expanding rapidly, driven by increasing digital demands across sectors. As this growth accelerates, data centers face a workforce shortage, with projections showing the shortage could persist for the next decade. According to a 2023 report by Uptime Institute, 50% of data center operators report difficulties filling open roles. This…

Read More
Robin Goldsmith
Interview with Robin Goldsmith
March 1, 2025

At ViVE 2025, Panda Health’s Jason Taylor and Verizon Healthcare’s Robin Goldsmith dive into the future of AI in healthcare, exploring how ambient technology is revolutionizing workflows for clinicians and improving patient experiences. A dynamic conversation not to be missed!

Read More
Related
verizon business assistant
Software & Technology
Boost Customer Satisfaction with Verizon Business Assistant
March 6, 2025
AI in Video Storytelling
Healthcare
AI and The Future of Video Storytelling
February 27, 2025

In this episode of The Marketing AI SparkCast, Aby Varma, founder of Spark Novus, sits down with Piyush Saggi, co-founder and CEO of Parmonic, to discuss AI’s impact on video storytelling. They explore AI’s role in video transformation, storytelling challenges, and how brands can balance automation with authenticity. Topics Covered * The Rise of…

Read More
broadband state
Healthcare
Broadband State of the Union: Urban Innovation and Rural Challenges
February 21, 2025

In the latest episode of Amphenol Broadband Solutions’ Wavelengths podcast, host Daniel Litwin sat down with Tyler Cooper, Editor-in-Chief at BroadbandNow Research, for a deep dive into the current landscape of broadband deployment and access across the United States. With 2025 underway, the conversation tackled key trends shaping the broadband industry, including the contrast…

Read More