CORRESP 1 filename1.htm Document
U.S. Securities and Exchange Commission
December 6, 2019
Page 1

fenwickletterhead1.jpg
December 6, 2019

VIA EDGAR AND OVERNIGHT DELIVERY

Securities and Exchange Commission
Division of Corporation Finance
100 F Street, N.E.
Washington, DC 20549

Attention:     Kathryn Jacobson, Senior Staff Accountant
Christie Wong, Staff Accountant

Re:         Chegg, Inc.
Form 10-K for the Year Ended December 31, 2018
Form 10-Q for the Quarter Ended June 30, 2019
Response Dated October 24, 2019
File No. 001-36180
    
Ladies and Gentlemen:

We are submitting this letter on behalf of Chegg, Inc. (the “Company”) in response to the comment from the staff (the “Staff”) of the Securities and Exchange Commission (the “Commission”) received by electronic mail on November 22, 2019 that relate to the Company’s Form 10‑K for the year ended December 31, 2018, filed with the Commission on February 25, 2019 (the “Form 10K”), and the Company’s Form 10‑Q for the quarterly period ended June 30, 2019, filed with the Commission on July 29, 2019 (the “Form 10Q”) (File No. 001‑36180). The numbered paragraph below corresponds to the numbered comment in the Staff’s letter and the Staff’s comment is presented in bold italics.

Form 10-K for Fiscal Year Ended December 31, 2018

Item 1A. Risk Factors
Risks Related to our Business and Industry
Computer malware, viruses, hacking, phishing attacks and spamming could harm our business and results of operations., page 18

1.
We note your response to comment 1. Please discuss preventative actions that you had taken since the “Data Incident,” as well as enhancements to your cybersecurity risk management program, if any, to facilitate a prompt detection and discovery of future cybersecurity incidents.

Response:

The Company respectfully advises the Staff that in future filings, the Company will provide additional clarification to reference the Company’s preventative actions and enhancements to its cybersecurity risk management program as follows (additions underlined and moved language in italics):

Computer malware, viruses, hacking, phishing attacks and spamming could harm our business and results of operations.

Computer malware, viruses, hacking, physical or electronic break-ins, spamming and similar events could lead to disruptions of our website services, our mobile applications or systems we use and interruptions and delays in our services and operations, as well as loss, misuse or theft of data. Any such events could harm our business, be expensive to remedy and


U.S. Securities and Exchange Commission
December 6, 2019
Page 2

damage our reputation or brand. Computer malware, viruses, computer hacking and phishing attacks against online networking platforms have become more prevalent and may occur on systems we use in the future. We believe that the incidence of hacking among students may increase our risk of being a target for such attacks. These threats are constantly evolving, making it increasingly difficult to successfully defend against them or implement adequate preventative measures.

For instance, in April 2018, an unauthorized party gained access to user data for chegg.com and certain of our family of brands such as EasyBib (the 2018 Data Incident). The information that may have been obtained could include a Chegg user’s name, email address, shipping address, Chegg username, and hashed Chegg password. To date, no social security numbers or financial information such as users' credit card numbers or bank account information were obtained. Additionally, Thinkful, prior to our acquisition of it, discovered an unauthorized party may have gained access to certain Thinkful company credentials (the Thinkful Data Incident). If we, or companies that we acquire, experience compromises to our or our acquired companies’ security that result in website performance or availability problems, the complete shutdown of our websites, or the actual or perceived loss or unauthorized disclosure or use of confidential information, such as credit card information, users may be harmed or lose trust and confidence in us and the companies that we acquire, and decrease the use of our services or stop using our services in their entirety, and we would suffer reputational and financial harm.

As part of our regular cybersecurity efforts, including enhancements to these efforts made following our discovery of these prior events, we have implemented physical, technical and administrative safeguards designed to help protect our systems.  However, these safeguards may not be as effective as intended, and may not prevent future cybersecurity breaches. Efforts to prevent hackers from entering our computer systems are expensive to implement and may limit the functionality of our services, we may need to expend significant additional resources to further enhance our safeguards and protection against security breaches or to redress problems caused by breaches and such efforts may not be fully effective. Additionally, our network security business disruption insurance may not be sufficient to cover significant expenses and losses related to direct attacks on our website or systems we use. Though it is difficult to determine what, if any, harm may directly result from any specific interruption or attack, any failure to maintain performance, reliability, security and availability of our products and services and technical infrastructure, or the actual or perceived loss or unauthorized disclosure or use of the data we collect and develop may lead our users to lose trust and confidence in us or otherwise harm our reputation, brand and our ability to attract students to our website or may lead them to decrease the use of our services or applications or stop using our services in their entirety. Any significant disruption to our website or computer systems we use could result in a loss of students, colleges or advertisers and, particularly if disruptions occur during the peak periods at the beginning of each academic term, could adversely affect our business and results of operations.


* * *



U.S. Securities and Exchange Commission
December 6, 2019
Page 3


Should the Staff have additional questions or comments regarding the foregoing, please do not hesitate to contact me at (650) 335‑7130.

Sincerely,
/S/ DAVID A. BELL
David A. Bell

cc:
Andrew Brown, Chief Financial Officer
Robin Tomasello, VP Controller, Chief Accounting Officer
Dave Borders, General Counsel
Chegg, Inc.

Katherine Duncan
Fenwick & West LLP