Another Hack in the Education Sector: 40 Million Records Exposed

Christina Seda-Acosta
Patterson Belknap Webb & Tyler LLP
Contact
LinkedIn
Facebook
X
Send
Embed

A recent data breach at Chegg Inc., the online educational technology company, serves as the most recent reminder that the education sector remains a target for hackers.

Last month, Chegg reported, on a Form 8-K disclosure filed with the Securities Exchange Commission, that it had experienced a security breach in which an “unauthorized party gained access to a Company database that hosts user data for chegg.com.”

According to the filing, Chegg believed that the information compromised included a “Chegg user’s name, email address, shipping address … and hashed Chegg password,” but not Social Security Numbers or other financial information, such as user credit card numbers or account information.

Chegg also disclosed that it expected to notify “approximately 40 million active and inactive registered users and certain regulatory authorities.”

On the news, shares in Chegg plunged more than 12 percent.  It was the worst decline in Chegg shares in recent years.  Since then, the company’s stock has continued to head lower.  Before the breach announcement, shares of Chegg traded at $31.59.  Yesterday’s closing price was $25.85 per share.

The company said it did not expect the incident to have a material impact on its financial results going forward this year.

As we have previously reported, the education sector is no stranger to data security incidents. Earlier this year, one of the New York State Education Department’s vendors, Questar Assessment, suffered a data breach resulting in the unauthorized disclosure of personal student information from five different New York schools.

In March, Florida Virtual Schools, the largest state-run virtual public school in the country, published a notice to students and parents regarding a breach that affected more than 300,000 current and former students, as well as parents and teachers, resulting in the disclosure of teachers’ Social Security Numbers, dates of birth, and addresses, among other personal information. And more recently, in April, the Irvington, New Jersey School District experienced a data breach resulting in the exposure of names and partial Social Security Numbers for more than 1,000 employees.

A 2018 data breach survey by Verizon reports that, in the education sector, 81 percent of the data security incidents were perpetrated by external actors, while 19 percent were insiders.

We will continue to follow this sector.

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising

Written by:

Patterson Belknap Webb & Tyler LLP
Patterson Belknap Webb & Tyler LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Patterson Belknap Webb & Tyler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide