Chegg, a technology giant specializing in textbook rental, suffered a data breach affecting around 40 million customers.
According to CNBC, Chegg’s shares fell more than 12 percent on Wednesday (September 26) after the news broke.
The breach, which happened in April but was only discovered a week ago, was revealed in a filing with the Securities and Exchange Commission. Chegg explained that hackers gained access to its customer database, which includes users for Chegg’s website as well as other products, such as its citation service EasyBib. The criminals stole usernames, email addresses, shipping addresses and hashed passwords — but there is no evidence that financial data was taken.
The company has vowed to change all user passwords as a result of the breach.
Chegg said it first learned of the breach on September 19 and plans to start notifying approximately 40 million registered users and regulatory authorities about the incident.
“Chegg takes the security of its users’ information seriously and will be initiating a password reset process for all user accounts,” the company said in the SEC filing.
But Phil Hill, an ed tech consultant who first spotted the SEC form, reported that Chegg had not started the notification process, even after the 8-K filing.
“I get that the company needs to notify the SEC, being a publicly traded company, but they certainly are not notifying the public very well. Seems focus is on guidance for stock price, not transparency,” said Hill, according to ZDNet.
Despite its recent stock issues, Chegg said that it does not expect the breach to have a material impact on its financial results. In fact, the company confirmed its previous guidance for the third quarter, which showed expected revenue in the range of $68 million to $69.5 million, including Chegg Services revenue of $52 million to $53.5 million, according to Motley Fool. In addition, its shares had nearly doubled this year before today’s trading.