There are a lot of ways data breaches can occur; some are accidental, others are the work of “inside job” actors within the company. Some rely on social engineering, like getting you to download a virus to your computer or click a link to a malicious site. Still others are the work of highly-skilled cybercriminals who can infiltrate a network and steal important information.
What all of those have in common, though, is the need to report them to the government. Under certain legal guidelines, companies that experience a data breach can be required to file a notice with the Securities and Exchange Commission upon discovering the breach. If the breach affected the victims’ highly-sensitive personally identifiable information (like Social Security numbers), the company can also be responsible for providing extended protections like credit or identity monitoring.
Chegg, an online tutoring and textbook rental service, discovered a data breach last month, but their investigation showed it had actually begun in April of this year. The company doesn’t have reason to think any sensitive PII or credit card numbers were exposed, so victims should only have to fear for their login credentials.
Why? If you’ve reused your username and password on different accounts, a hacker who accesses one account now has instant access to all of those other accounts as well. So far, the company has stated that the passwords were hashed with encryption, but depending on the type of encryption used, they may still be easily viewable by anyone with the right tools.
Just to be safe, Chegg reset all of its users’ passwords in an effort to prevent any significant damage. As the hackers did manage to access customers’ shipping addresses and email addresses, users should be on the lookout for any upticks in spam email messages, scams or phishing attempts that appear to originate from Chegg or its partners, or other similar tactics.
Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.