The Federal Trade Commission (FTC) finalized a 2022 order with Chegg. Chegg, an education technology provider, has been cited for careless data security practices. The sensitive information exposed included Social Security numbers, email addresses and passwords.
In a complaint, the FTC said that Chegg failed to protect the personal information it collected from users and employees. For example, the company stored users’ personal data on its cloud storage databases in plain text and, until at least 2018, employed outdated and weak encryption to protect user passwords, per the FTC.