Chegg avoids fine in deal with FTC over cybersecurity lapses
By 
Aaron Nicodemus2022-10-31T17:25:00
The Federal Trade Commission (FTC) ordered education technology provider Chegg to fix problems and weaknesses with its cybersecurity program that led to the exposure of personal and financial data of 40 million customers in four data breaches since 2017.
In agreeing to the order, Chegg promised to “bolster its data security, limit the data the company can collect and retain, offer users multifactor authentication to secure their accounts, and allow users to access and delete their data,” the FTC said Monday in a press release.
Chegg neither admitted nor denied any of the allegations in the FTC complaint, except as specifically stated in the decision, according to the FTC’s order.
Related articles
-
PremiumShadow AI: Another element of TPRM
Companies may face significant financial and legal risks if they fail to vet suppliers and third parties over their use of unauthorized AI and how the technology may use and share their corporate data.
-
OpinionBeyond the Binder: Policy governance in practice
Most compliance professionals have faced it: a regulator or client requests a policy, and several slightly different “final” versions appear. The issue often stems from reactive, siloed work without a unified governance framework.
-
WebcastOct 14 | CPE Webcast: Navigating Evolving Banking Regulations in the U.S. and Canada
U.S. Banking regulators have moved to loosen traditional regulation and supervision in areas like capital requirements, stress testing and liquidity, while also being more receptive to innovation in areas including Artificial Intelligence and digital assets.
More from Regulatory Enforcement
-
ArticleFormer startup CEO gets 7 years in prison for $175M fraud against JPMorgan Chase
Charlie Javice, a former CEO who duped JPMorgan Chase into purchasing her start up company for $175 million, has been ordered to forfeit more than $22 million by the Department of Justice (DOJ) and to spend 7 years in jail.
-
ArticleGeorgia Tech to pay $875,000 for allegations brought by compliance officers
Georgia Tech Research Corp. (GTRC) has agreed to pay $875,000 to settle allegations first raised by two compliance officers that its cybersecurity protocols violated acceptable standards for defense contractors, the Department of Justice (DOJ) said.
-
ArticleTractor Supply Company hit with $1.35M fine for alleged California privacy violations
Tractor Supply Company has agreed to get into compliance with California’s consumer privacy law and to pay a $1.35 million fine—the largest yet by California—to settle allegations it violated the privacy rights of customers and job applicants.