American education technology company Chegg confirmed a data breach in which malicious actors stole some of its employee records.

As reported by TechCrunch, digital attackers succeeded in stealing 700 records associated with current and former Chegg employees. Those records contained individuals’ personally identifiable information (PII) including their names and Social Security Numbers.

The company said that it had begun working with law enforcement as well as an unnamed third-party digital forensics firm to investigate what had happened.

Paul Norris, senior system engineer at Tripwire, agreed with the educational platform’s decision to do so:

Chegg certainly took the right steps in terms of notifying authorities and initiating forensics. However, there is a trend across both the public and the private sector that might explain why the education tech company has been hit three times in three years. Typically, security spend has been associated with maintaining regulatory compliance. If that budget can be minimized and compliance can be achieved, the business can continue operating. As we have seen, there have been many high profile data breaches that have had serious financial implications to the affected organizations who met their regulatory compliance objectives.

Chegg suffered its first security incident back in September 2018 when it confirmed in a filing with the Securities and Exchange Commission that malicious attackers had accessed a database containing the information of 40 million customers. Per Infosecurity Magazine, news of the second incident came a year later when Thinkful, an online education platform acquired by Chegg, announced that malicious actors might have exposed users accounts.

A day before news of this latest breach emerge, a federal judge ruled that a lawsuit pertaining to the 2018 security incident must proceed to arbitration, according to Reuters.

Norris feels that the most recent security incident involving Chegg highlights the (Read more...)