Sloppy data security at education tech giant Chegg exposed students and workers’ personal information not once but four times in various ways over four years, according to the FTC.  In response, the American consumer watchdog today ordered the company to better protect data, including encrypting sensitive information, providing multi-factor authentication to users and employees, limiting the amount of personal information it collects and retains, and training staff on security practices. Stuff that should have been done a long time ago. Additionally, the FTC noted Chegg didn’t necessarily notify all of the 40 million users and employees whose private info was exposed during the four breaches.  So, per an FTC order [PDF], the tech firm also has to notify “each individual whose unencrypted Social Security number, financial account information, date of birth, user account credentials, or medical information was exposed”

Read full article on The Register