Pearson agreed to pay $1 million for 2018 Data Theft


Pearson, a London based e-textbook publishing firm that supplies software to Schools and Universities has been slapped with a fine of $1 million for misleading investors about a 2018 data breach that witnessed siphoning of millions of student records by hackers.

In what is known to our Cybersecurity Insiders, the penalty was pronounced by the US Securities and Exchange Commission, as Pearson made false and misleading statements on the 2018 data breach that witnessed millions of student usernames and passwords stolen along with admin level login credentials of over 13,000 school and university pupils.

To deteriorate the cyber risk, Pearson filed an annual review report in July 2019 saying there was a significant possibility of student Dobs and email addresses stolen in the cyber attack, when it actually knew that the records were indeed stolen.

Pearson Education accepted to pay a fine of $1 million to SEC, but disagreed to accept the fact that the cyber crooks stole sensitive student data.

Highly placed sources say that the data steal took place as hackers exploited a vulnerability in AIMSweb 1.0 web-based software that helps in keeping a track of student academic performance.

NOTE- Pearson owns media brands such as Peachpit, Prentice Hall, eCollege, Longman, Scott Foresman, Addison-Wesley and others. Till the year 2011, the company was recognized as Pearson Education and from then on was known as Pearson, that later split into two divisions- International and North American.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display