Data breach misses learning opportunity for ed tech company | So Good News
A simple method can help you protect your online accounts from hackers. Whenever possible, make sure your accounts ask for two documents to verify your identity when you sign in. It’s called multifactor, or two-factor, authentication. The security is so strong that the FTC has insisted that Chegg, Inc., provide users with its online education services as part of a settlement of the FTC’s data breach lawsuit.
According to the FTC, Chegg did not use adequate security measures to protect the information of its users — mostly high school and college students — and employees. The FTC’s complaint alleges that Chegg’s lax security led to four data breaches from 2017-2020.
One breach, in 2018, exposed 40 million users’ names, email addresses, passwords and, for some, their religion, heritage, date of birth, sexual orientation, disability, and parental income, the FTC says. Some breaches exposed employees’ financial, medical, and W-2 information, including dates of birth and Social Security numbers. The FTC alleges that Chegg repeatedly failed to fix data security problems that the breaches disclosed, leading to further breaches.
Under the FTC’s ruling, Chegg is required to take steps including providing users with more verification methods to protect their accounts. With multi-factor authentication, you need a confirmation, or “factor,” beyond your password or PIN to log into your account. The object can be something you own, such as a one-time authentication certificate that you get from a security key or via text, email, or from an authentication program. Or, it could be something you are, like your finger, your face, or your retina.
With multifactor authentication, even if a hacker knows your username and password, they won’t be able to access your account without second knowledge, making your account more secure than it would be with password protection.
Under the settlement, Chegg must also put a data protection policy in place, limit the amount of personal data it collects, and allow users to remove personal information from Chegg’s files.
Learn how to turn on multifactor authentication and other ways to protect your account on our website.