Case Study
Chegg Learns a Lesson About Exposing Student and Employee Data
To sell its educational products and services, Chegg collects personal information about its high school and college student customers, including religious denominations, heritage, dates of birth, sexual orientation, and disabilities. Chegg also collects sensitive personal information about its employees, including dates of birth, Social Security numbers, and financial and medical data. After four breaches exposed data about Chegg’s student customers and employees, the FTC brought action against Chegg for their lax security practices. The FTC order requires Chegg to detail and limit its data collection, allow customers to request any stored personal data to be deleted, implement multifactor authentication, and create a comprehensive information security program.