Chegg Data Breach

SF State Students,

We have been made aware that the Chegg.com service that many students utilize has reported a data breach. This notification is to give you an opportunity, if you are using this service, to understand your rights and what steps you need to follow to secure your information from potential loss or misuse. Please take a moment and review the information below and if there are any questions or concerns, they can be addressed to the SF State Information Security team at security@sfsu.edu.

Thank you.

Tuan Anh Do
Senior Director, Infrastructure Services & Interim Information Security Officer
SF STATE | Information Technology Services

Notice of Data Breach

Hello,

We recently discovered that some data from your Chegg.com account, or one of its family of student services, may have been acquired by an unauthorized party, and I wanted to reach out to you directly to inform you of what happened and what we are doing to protect your information. While our investigation into this matter continues, we are letting you know now because we value our relationship with you and we take the security of your information seriously.

What Happened?

On September 19, 2018, we learned that, on or around April 29, 2018, an unauthorized party gained access to one of our databases that hosts user data. An investigation, supported by a third-party forensics firm, was commenced. We have determined that some of your account information may have been obtained, which is why you are receiving this notice.

What Information Was Involved?

Our understanding is that the data that may have been obtained could include your name, email address, shipping address, Chegg username, and hashed Chegg password. Our current understanding is that no financial information such as credit card numbers, bank account information, or social security numbers was obtained.

What We Are Doing

We will prompt you to change your Chegg.com password upon login. If your password has been changed on or after September 26th, 2018, you will not be prompted to change it again.

What You Can Do

In addition, it is always good practice to use different passwords for different online accounts. To the extent that you used the same password on any websites or apps that you used on your Chegg account, we recommend changing those passwords as well.

For More Information

We understand you may have questions. Find more information at this link or contact us at 1-855-581-9880.

Thank You,

Signature of Dan Rosensweig

Dan Rosensweig,
CEO of Chegg, Inc.

Important Online Security and Identity Theft Protection Information

Password Security

We recommend that you change your password for the relevant websites and apps you use with that password immediately after any security incident. We also recommend that you routinely change your passwords regardless of any incident, and only use long and complex passwords that contain at least ten characters and have a combination of types of characters such as commas, percent signs, and parentheses, as well as upper-case and lower-case letters and numbers. You should never use the same password for more than one device, site, or app, write your passwords down, or share passwords with others. We recommend using a password manager to help keep track of your passwords so that you have a unique, strong password for every secure website that you use.

You may obtain a free copy of your credit report online at www.annualcreditreport.com, by calling toll-free 1-877-322-8228, or by mailing an Annual Credit Report Request Form (available at www.annualcreditreport.com) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281. You may also purchase a copy of your credit report by contacting one or more of the three national credit reporting agencies listed below.

Equifax
P.O. Box 740241
Atlanta, GA 30374-0241
800-685-1111
www.equifax.com
Experian
P.O. Box 9532
Allen, TX 75013
888-397-3742
www.experian.com
TransUnion
P.O. Box 6790
Fullerton, CA 92834-6790
800-916-8800
www.transunion.com

Online Account Security

You should remain vigilant with respect to reviewing your account statements and credit reports from one or more of the national credit reporting companies above, and promptly report any suspicious activity or suspected identity theft to us and to the proper law enforcement authorities, including local law enforcement, your state's attorney general, and/or the Federal Trade Commission ("FTC"). You may contact the FTC or your state's regulatory authority to obtain information about avoiding and protection against identity theft: Federal Trade Commission, Consumer Response Center 600 Pennsylvania Avenue, NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft. Residents of Maryland, North Carolina and Rhode Island may also obtain information about preventing and avoiding identity theft by contacting: Maryland Office of the Attorney General, Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, 1-888-743-0023, www.oag.state.md.us; North Carolina Office of the Attorney General, Consumer Protection Division, 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-919-716-6400, www.ncdoj.gov; and Rhode Island Office of the Attorney General, Consumer Protection Unit, 150 South Main Street, Providence, RI 02903, 1-401-274-4400, www.riag.ri.gov.

Fraud Alerts

There are two types of fraud alerts you can place on your credit report to put your creditors on notice that you may be a victim of fraud: an initial alert and an extended alert. You may ask that an initial fraud alert be placed on your credit report, which stays on your report for at least one year, if you suspect you have been, or are about to be, a victim of identity theft. You may have an extended alert placed on your credit report, which stayson for seven years, if you have already been a victim of identity theft with the appropriate documentary proof. You can place a fraud alert on your credit report by contacting any of the three national credit reporting agencies at the toll-free numbers listed below:

Equifax
877-478-7625
Experian
888-397-3742
TransUnion
800-680-7289

Credit Freezes

You may have the right to put a credit freeze (or security freeze) on your credit file, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate a freeze. If you place a credit freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a credit freeze may delay your ability to obtain credit. Credit freeze laws vary from state to state, but there is no cost anywhere in the country for freezing or unfreezing your credit file. You must separately place a credit freeze on your credit file at each credit reporting company. Please contact the three major credit reporting companies as specified above for more information.

3990 Freedom Circle, Santa Clara, California 95054

 

Friday, September 28, 2018