IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Pearson fined $1 million for downplaying severity of 2018 breach

The SEC found the London-based firm made “misleading statements and omissions” about the intrusion

The Securities and Exchange Commission (SEC) has ordered UK-based Pearson Education to pay $1 million to settle charges it misled investors about a 2018 data breach that resulted in millions of stolen student records.

The SEC announced the settlement after it found Pearson made “misleading statements and omissions” about the intrusion that involved the theft of student data and administrator log-in credentials of 13,000 school, district, and university customer accounts.

In its semi-annual report filed in July 2019, the SEC said Pearson referred to a data privacy incident as a hypothetical risk, despite the fact the breach had already occurred. In a statement published that same month, Pearson said the breach may include dates of birth and email addresses, but it already knew such records were stolen.

The SEC also said Pearson had "strict protections" in place, “when, in fact, it failed to patch the critical vulnerability for six months after it was notified.” 

“As the order finds, Pearson opted not to disclose this breach to investors until it was contacted by the media, and even then, Pearson understated the nature and scope of the incident, and overstated the company’s data protections,” said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit. “As public companies face the growing threat of cyber intrusions, they must provide accurate information to investors about material cyber incidents.”

Related Resource

The technology of trust

How to protect your most valuable commodity

The technology of trust- whitepaper from OktaDownload now

Dominic Trott, UK product manager at Orange Cyberdefense, told IT Pro the $1 million settlement agreed between Pearson and the SEC comes as the education sector faces increasing hostility from malicious actors. 

“As the threat landscape evolves and while education remains firmly in the crosshairs, it is more important than ever to maintain an open dialogue. Only through collaboration and transparency can cyber researchers and technologists begin to turn the tide against cybercriminals intent on wreaking havoc in the sector,” Trott said. 

“As Pearson has learned, failure to properly disclose a breach can also be far more damaging to an organization’s reputation and can incur severe legal penalties, particularly when customer data is involved.

"Breach disclosure processes should form part of an organization’s blended approach to cyber security, layering a combination of people, process and enabling technologies to reduce the risk, minimize the impact of a breach should one occur, and demonstrate diligence and best practice to both customers and governing bodies.”

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Ten ways to protect your company from the next big data breach
data breaches

Ten ways to protect your company from the next big data breach

18 Feb 2022
Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022