FTC Gives Chegg an 'F' for Careless Cybersecurity Impacting 40M Students

Ed-tech company Chegg is ordered by FTC to secure its systems after repeated breaches that exposed tens of millions of users' personal data.

Dark Reading Staff, Dark Reading

November 1, 2022

1 Min Read
Chalk drawing of a keyboard and a cloud to represent educational technology
Source: rvlsoft via Alamy Stock Photo

The Chegg educational technology company has been ordered by the Federal Trade Commission to get its cybersecurity in order after four separate data breaches exposed the sensitive data of about 40 million customers and employees. 

The FTC accuses the company of failing to adhere to basic security measures like two-factor authentication, while also insecurely storing personal data in the cloud, failing to implement a security policy, and skipping employee training altogether. 

As a result of the FTC complaint, Chegg will now be required to limit data collection and delete old stored data, provide consumers with the option to delete data or opt out of collection, implement multifactor authentication, and develop a comprehensive information security program. 

“Chegg took shortcuts with millions of students' sensitive information," Samuel Levine, director of the FTC's Bureau of Consumer Protection, said in a statement about the action. "Today's order requires the company to strengthen security safeguards, offer consumers an easy way to delete their data, and limit information collection on the front end. The Commission will continue to act aggressively to protect personal data."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights