United States of America: Issued Ruling in FTC investigation of Chegg Inc. data breach

On 27 January 2023, the Federal Trade Commission (FTC) announced the conclusion of an investigation into the educational technology provider, Chegg Inc., due to inadequate security practices which resulted in the exposure of personal data, including sensitive information, of many users. The order requires Chegg Inc., among other points, to establish a comprehensive security program, ensure contractual obligations of third-party service providers towards personal data, implement certain cybersecurity practices like multi-factor authentication, and allow users to access and delete data.