The Federal Trade commission (FTC) has filed legal action against Chegg, a popular EdTech player, due to allegations that the firm has not protected its customers from data breaches. Chegg has suffered from four data breaches since 2017, and the FTC reports that the company has taken shortcuts with the personal data of its customers, most of whom are students. The FTC is seeking to mandate enhanced data security, limit data collection, improve access controls, and allow students to delete their own data from the platform. Chegg is based in California and offers online tutoring, scholarship search services, homework help, and more.
The company is accused of collecting a large amount of personal and financial information regarding its customers, some of which deemed unnecessary. This includes religious affiliation, date of birth, sexual orientation, disabilities, Social Security numbers, and medical data. The FTC also claims that Chegg fails to adequately protect this sensitive data. Specifically, the FTC says that Chegg failed to use reasonable security measures to protect data such as multi-factor authentication, failed to monitor networks for suspicious activity, stores sensitive information in plain text, did not provide adequate security training to employees, and allowed employees to use single login to access sensitive information.