For a species so smart, human beings have a pretty dismal record at not making mistakes. This dynamic has already popped up on the surface quite a few times throughout our history, with each appearance practically forcing us to look for a defensive cover. We will, however, solve our conundrum in the most fitting way possible, and we’ll do so by bringing dedicated regulatory bodies into the fold. Having a well-defined authority across each and every area was a game-changer, as it instantly gave us a safety cushion against our many shortcomings, thus ushering us towards a reality that nobody could have ever imagined otherwise. However, the utopia to emerge from it didn’t stick around very long, and truth be told, it was all technology’s fault. You see, the moment technology got its layered nature to take over the scene, it allowed everyone an unprecedented chance at exploiting others for their own benefit. In case this didn’t sound bad enough, the whole runner soon began to materialize on such a massive scale that it expectantly overwhelmed our governing forces and sent them back to square one. After spending a long time in the middle of nowhere, though, it seems like the regulatory contingent is finally ready for a comeback. The same has only turned more and more apparent over the recent past, and one recently-filed lawsuit does a lot to keep that trend well and truly alive.
The Federal Trade Commission has officially filed a lawsuit against U.S. education technology giant, Chegg, in relation to the company’s “careless” cybersecurity practices that exposed personal data of millions of customers and employees. According to the complaint, Chegg’s streak of cybersecurity lapses orchestrated four different breaches between 2017 and 2020. For instance, in 2018, hackers were able to get their hands on a former Chegg employee’s security key, something which gave them complete access to a database containing customer names, email addresses, passwords, and other sensitive information, including religion, sexual orientation, disabilities, and parents’ income ranges. Later, the company suffered three additional phishing attacks that leaked yet more customer and employee information. Going by FTC’s word, the breaches occurred because of single login for all compromised databases, a lack of multi-factor authentication, the storing of all users’ and employee’s data in plaintext, and a failure on Chegg’s part to constantly monitor networks for malicious activity. Shocking enough, the commission claims that the edtech giant didn’t even have a written security policy until January 2021, while it also failed to provide sufficient security training despite three phishing attacks.
“Chegg took shortcuts with millions of students’ sensitive information,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “Today’s order requires the company to strengthen security safeguards, offer consumers an easy way to delete their data, and limit information collection on the front end. The Commission will continue to act aggressively to protect personal data.”
Fair enough, Chegg has agreed to comply with all the stated measures, which cover providing security training to employees and encrypting user data.
This development comes as a part of FTC’s wider plan to crack down on edtech companies that collect excessive personal details from schoolchildren, and also the ones that don’t have a foolproof system to protect students’ personal information.
“Going forward, the Commission will closely scrutinize the providers of these services and will not hesitate to act where providers fail to meet their legal obligations with respect to children’s privacy,” the FTC said.