Chegg Inc. and the FTC’s Order Against Them Is a Wake-up Call for Data Privacy Strategy

MarketScale
Dec 8, 2022
Learn more
Chegg data breach data privacy FTC

 

The FTC’s order against Chegg is a wake-up call for businesses everywhere and their current data privacy strategy. Chegg Inc. (“Chegg”) has been punished by the Federal Trade Commission (FTC) for its “careless” cybersecurity practices that exposed the sensitive personal information of its customers and employees.

Chegg, according to the FTC’s complaint, stored customer data in plain text on its network. This data includes names, email addresses, Chegg usernames and passwords, shipping addresses, and answers to security questions. Employee information, such as names, Social Security numbers, bank account information, and driver’s license numbers, was also stored in plain text on Chegg’s servers. To top it off, Chegg stands accused of failing to secure its network properly, thus allowing a hacker to access Chegg’s network and steal private information.

According to the FTC, Chegg violated the Gramm-Leach-Bliley Act and the FTC Act by not securing its network and storing sensitive data plainly. As part of the settlement, Chegg will develop a comprehensive information security program and will obtain independent assessments of the program every two years. In addition, Chegg will be subject to FTC oversight for 20 years to come.

The FTC’s order against Chegg is a wake-up call, not only for educational technology companies in the education sector but also for school districts and schools public and private alike. The FTC order against Chegg was because of, as the FTC determined, failure to implement commercially reasonable security measures.

Sai Huda, CEO of CyberCatch, is a globally recognized risk and cybersecurity expert and author of the best-selling book “Next Level Cybersecurity.” He gives MarketScale his thoughts on why companies should pay attention to Chegg’s mistakes, and learn from them to ensure their business’s data stays private, but also, where Chegg went wrong, and how businesses can reform their strategies to meet commercially reasonable security measures.

Sai’s Thoughts:

“Chegg had multiple phishing attacks that were successful. Chegg had other deficiencies that attackers exploited to steal over 40 million students and consumers’ data, which included parents and finally, the FTC said Enough is enough. So the question is, what do commercially reasonable security measures mean when FTC describes them?

It is really complying with a standard such as NIST cybersecurity framework. There are 108 controls, and this is really what educational technology companies minimally must implement and comply with, but also school districts and schools public and private alike should really implement those 108 controls.

These controls are prevention, detection, and response. That is an adequate defense and that will enable schools or even technology companies to be able to make the assertion that it has implemented commercial and reasonable security measures.

Follow us on social media for the latest updates in B2B!

Image

Latest

IC-SAT100
Meet IC-SAT100, a Satellite PTT Radio Built for the World’s Most Demanding Environments
February 5, 2026

Let’s have a look at Icom’s IC-SAT100, a satellite Push-To-Talk radio designed for moments when ordinary communication just isn’t an option. Powered by the Iridium satellite network, this rugged handheld delivers instant one-to-many communication at the push of a button—no cell towers or ground infrastructure required. Built to thrive in harsh environments, it’s waterproof,…

Read More
IP110H
From Hospitals to Warehouses, the IP110H Keeps Your Team in Sync
February 5, 2026

Icom’s IP110H is a compact, license-free WLAN radio built to keep teams talking—clearly and instantly—over an existing wireless network. Designed for environments like hospitals, hotels, warehouses, and tunnels, it delivers real-time, full-duplex voice using Icom’s advanced IP radio system. From Bluetooth capability to USB-C charging and a sleek, pocket-friendly design, the IP110H feels modern,…

Read More
IP501H
The IP501H Brings Effortless, Wide-Area Communication to Your Team
February 4, 2026

Meet Icom’s IP501H, a cellular two-way radio built for instant wide-area communication over LTE (4G) and 3G networks. It works just like a traditional radio—supporting individual, group, and all-call conversations—without the need for repeaters or a dedicated IP network. With everything included in the box, the IP501H is designed for quick setup and fast…

Read More
IP730D
One Radio, Three Networks, Seamless Coverage: Meet the IP730D
February 4, 2026

Icom’s IP730D is a true game-changer in professional communications, blending LTE, IDAS, and analog networks into one powerful hybrid radio. Designed for flexibility and confidence in the field, it uses dual PTT buttons to let users transmit and receive across networks seamlessly—delivering reliable, wide-area coverage wherever it’s needed. From the moment it comes out of…

Read More
Related
Energy
Software & Technology
Buy, Build & AI: Your New Software Strategy for Energy Leaders
February 3, 2026
AI in energy
Healthcare
May the Agentforce Be With You: AI in Energy Services
February 3, 2026

Generative AI has moved past being a shiny demo and into the messy reality of enterprise operations—where data lives in different systems, customers expect instant answers, and security teams (rightfully) say “prove it.” In energy services specifically, even small efficiency gains matter: many retail energy providers operate on thin margins, and operational blind spots—billing…

Read More
Energy billing
Healthcare
Nightmare on Revenue Street: Energy Billing Edition
February 3, 2026

Energy billing is one of those things most people only think about when something goes wrong—an unusually high charge, a missing bill, a surprise shutoff notice, or a rate plan that suddenly doesn’t make sense. With smart meters, more complex pricing options, and different rules in regulated vs. deregulated markets, even a small breakdown…

Read More