Education technology provider Chegg Inc. FTC order for its lax data security practices

The Federal Trade Commission (FTC) has finalized its order with education technology provider Chegg Inc. for its lax data security practices. Chegg failed to protect sensitive information, resulting in four data breaches that exposed the personal data of about 40 million users and employees. The order requires Chegg to implement a comprehensive information security program, limit data collection and retention, offer multifactor authentication, and allow users to request access to and deletion of their data. The Commission voted 4-0 to finalize the order after receiving only one substantive comment.

Original Story: