Chegg Faces Federal Trade Commission Lawsuit Over 2018 Breach
Table of Contents
- By Steven
- Published: Nov 08, 2022
- Last Updated: Nov 08, 2022
In 2018, Chegg became the victim of a massive hack that affected 40 million individuals. These were a combination of employees, outsider contracts, and students. The stolen information was found for sale on the dark web. As a result, the Federal Trade Commission, or FTC, has become involved. Chegg reached an agreement with the FTC to settle the charges, which "agreed to adopt a comprehensive data security program."
How Did the Attack Occur?
The initial attack that affected students occurred when "Chegg took shortcuts with millions of students' sensitive information," said the FTC's director of the Bureau of Consumer Protection, Samuel Levine. While Chegg's privacy policy stated that the company would take "commercially reasonable security measures" to protect students, the information was poorly protected, resulting in the violation.
What Information Was Viewed or Stolen?
The stolen information varied depending on the student but mainly consisted of the stolen emails, names, passwords, and social security numbers. In some instances, data such as sexual orientation, disabilities, religion, and parental income were all involved in the Chegg breach. Chegg left the site's back end open to malicious actors, resulting in massive data leaks and terrifyingly large numbers of victims. The only people that offered data such as orientation, religion, income, and social security numbers were students who input such for Chegg's scholarship-finding feature.
Why Was the Stolen Data Significant?
The FTC filed the lawsuit after three breaches occurred in as many years. There were millions of minors affected by this breach and many college students. While our primary concern is the minors involved here, many of the victims were also Chegg employees. It would be arrogant to assume that only the student information found its way onto the dark web and into the hands of malicious actors. One thing to also consider is how the victims' parents and/or guardians will be affected.
What Will Become of the Stolen Information?
The stolen information is very similar to many breaches we face daily; names, addresses, and social security numbers are often explicitly targeted by hackers, as the range of crimes that bad actors can commit with such data is broad. Adding in the disability, religion, and sexual orientation data can make the victims targets online and in reality.
What Should Affected Parties Do in the Aftermath of the Breach?
Many teachers hope that the breaches coming more into the public eye will off-put student use of the site. "Chegging" has become a widespread method of cheating in which students will use the site for their answers and not actually learn anything from their schooling. If you are a Chegg user, there are steps that you and your family can take to protect yourselves from fraud and online scams or threats. The easiest step is to monitor your emails and credit reports so as not to fall for phishing scams or the like.
