Pearson fined $1 million for downplaying severity of 2018 breach

The SEC found the London-based firm made “misleading statements and omissions” about the intrusion

The Securities and Exchange Commission (SEC) has ordered UK-based Pearson Education to pay $1 million to settle charges it misled investors about a 2018 data breach that resulted in millions of stolen student records.

The SEC announced the settlement after it found Pearson made “misleading statements and omissions” about the intrusion that involved the theft of student data and administrator log-in credentials of 13,000 school, district, and university customer accounts.

In its semi-annual report filed in July 2019, the SEC said Pearson referred to a data privacy incident as a hypothetical risk, despite the fact the breach had already occurred. In a statement published that same month, Pearson said the breach may include dates of birth and email addresses, but it already knew such records were stolen.

The SEC also said Pearson had "strict protections" in place, “when, in fact, it failed to patch the critical vulnerability for six months after it was notified.” 

“As the order finds, Pearson opted not to disclose this breach to investors until it was contacted by the media, and even then, Pearson understated the nature and scope of the incident, and overstated the company’s data protections,” said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit. “As public companies face the growing threat of cyber intrusions, they must provide accurate information to investors about material cyber incidents.”

Related Resource

The technology of trust

How to protect your most valuable commodity

The technology of trust- whitepaper from OktaDownload now

Dominic Trott, UK product manager at Orange Cyberdefense, told IT Pro the $1 million settlement agreed between Pearson and the SEC comes as the education sector faces increasing hostility from malicious actors. 

“As the threat landscape evolves and while education remains firmly in the crosshairs, it is more important than ever to maintain an open dialogue. Only through collaboration and transparency can cyber researchers and technologists begin to turn the tide against cybercriminals intent on wreaking havoc in the sector,” Trott said. 

“As Pearson has learned, failure to properly disclose a breach can also be far more damaging to an organization’s reputation and can incur severe legal penalties, particularly when customer data is involved.

"Breach disclosure processes should form part of an organization’s blended approach to cyber security, layering a combination of people, process and enabling technologies to reduce the risk, minimize the impact of a breach should one occur, and demonstrate diligence and best practice to both customers and governing bodies.”

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Are you over-sharing online?
social media

Are you over-sharing online?

1 Sep 2021
What is customer identity and access management? 
identity and access management (IAM)

What is customer identity and access management? 

19 Aug 2021
Indiana notifies 750,000 after COVID-19 tracing data accessed
data breaches

Indiana notifies 750,000 after COVID-19 tracing data accessed

18 Aug 2021
ESign Genie adds fraud detection to its digital signature software
Security

ESign Genie adds fraud detection to its digital signature software

16 Aug 2021

Most Popular

Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021