Chegg—FTC ordered Chegg to implement comprehensive security program after four data breaches exposed millions

Jan 1, 2023

In January 2023, the FTC finalized an order against Chegg following four data breaches between 2017-2020. The order required Chegg to implement a comprehensive security program within 90 days, offer MFA to all users within 6 months, and allow users to access and delete their data - a novel FTC requirement. The FTC found Chegg's 'careless' security practices exposed personal data of tens of millions of customers and employees.

Scoring Impact

Topic	Direction	Relevance	Contribution
Consumer Protection	-against	secondary	-0.50
Data Security	-against	primary	-1.00
Overall incident score =			-0.141

Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.50)× agency (compelled ×0.25)

Related: Same Topics

Bhavish Aggarwal · Engaged in heated public feud with comedian over customer complaints, stock dropped 8%

Oct 7, 2024

Ola Electric · India's CCPA issued show cause notice after over 80,000 consumer complaints about EV quality

Oct 8, 2024

Zepto · Accused of charging iPhone users up to 5x more than Android users for identical products

Dec 1, 2024

Zepto · India's CCPA fined Zepto ₹7 lakh for using dark patterns including drip pricing and basket sneaking

Dec 5, 2024

Microsoft · Microsoft committed to expand right-to-repair options following shareholder pressure

Oct 7, 2021