Pearson fined $1 million for downplaying severity of 2018 breach

The SEC found the London-based firm made “misleading statements and omissions” about the intrusion

The Securities and Exchange Commission (SEC) has ordered UK-based Pearson Education to pay $1 million to settle charges it misled investors about a 2018 data breach that resulted in millions of stolen student records.

The SEC announced the settlement after it found Pearson made “misleading statements and omissions” about the intrusion that involved the theft of student data and administrator log-in credentials of 13,000 school, district, and university customer accounts.

The SEC said that in its semi-annual report filed in July 2019, Pearson referred to a data privacy incident as a hypothetical risk, despite the fact the breach had already occurred. In a statement published that same month, Pearson said the breach may include dates of birth and email addresses, even though it already knew such records were stolen.

The SEC also said Pearson claimed to have “strict protections” in place, “when, in fact, it failed to patch the critical vulnerability for six months after it was notified.”

“As the order finds, Pearson opted not to disclose this breach to investors until it was contacted by the media, and even then, Pearson understated the nature and scope of the incident, and overstated the company’s data protections,” said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit. “As public companies face the growing threat of cyber intrusions, they must provide accurate information to investors about material cyber incidents.”

Dominic Trott, UK product manager at Orange Cyberdefense, told IT Pro the $1 million settlement agreed between Pearson and the SEC comes as the education sector faces increasing hostility from malicious actors. 

“As the threat landscape evolves and while education remains firmly in the crosshairs, it is more important than ever to maintain an open dialogue. Only through collaboration and transparency can cyber researchers and technologists begin to turn the tide against cybercriminals intent on wreaking havoc in the sector,” Trott said. 

“As Pearson has learned, failure to properly disclose a breach can also be far more damaging to an organization’s reputation and can incur severe legal penalties, particularly when customer data is involved.

“Breach disclosure processes should form part of an organization’s blended approach to cyber security, layering a combination of people, process and enabling technologies to reduce the risk, minimize the impact of a breach should one occur, and demonstrate diligence and best practice to both customers and governing bodies.”
