Pearson fined $1 million for downplaying severity of 2018 breach

The SEC found the London-based firm made “misleading statements and omissions” about the intrusion

The Securities and Exchange Commission (SEC) has ordered UK-based Pearson Education to pay $1 million to settle charges it misled investors about a 2018 data breach that resulted in millions of stolen student records.

The SEC announced the settlement after it found Pearson made “misleading statements and omissions” about the intrusion that involved the theft of student data and administrator log-in credentials of 13,000 school, district, and university customer accounts.

In its semi-annual report filed in July 2019, the SEC said Pearson referred to a data privacy incident as a hypothetical risk, despite the fact the breach had already occurred. In a statement published that same month, Pearson said the breach may include dates of birth and email addresses, but it already knew such records were stolen.

The SEC also said Pearson had "strict protections" in place, “when, in fact, it failed to patch the critical vulnerability for six months after it was notified.” 

“As the order finds, Pearson opted not to disclose this breach to investors until it was contacted by the media, and even then, Pearson understated the nature and scope of the incident, and overstated the company’s data protections,” said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit. “As public companies face the growing threat of cyber intrusions, they must provide accurate information to investors about material cyber incidents.”

Related Resource

The technology of trust

How to protect your most valuable commodity

The technology of trust- whitepaper from OktaDownload now

Dominic Trott, UK product manager at Orange Cyberdefense, told IT Pro the $1 million settlement agreed between Pearson and the SEC comes as the education sector faces increasing hostility from malicious actors. 

“As the threat landscape evolves and while education remains firmly in the crosshairs, it is more important than ever to maintain an open dialogue. Only through collaboration and transparency can cyber researchers and technologists begin to turn the tide against cybercriminals intent on wreaking havoc in the sector,” Trott said. 

“As Pearson has learned, failure to properly disclose a breach can also be far more damaging to an organization’s reputation and can incur severe legal penalties, particularly when customer data is involved.

"Breach disclosure processes should form part of an organization’s blended approach to cyber security, layering a combination of people, process and enabling technologies to reduce the risk, minimize the impact of a breach should one occur, and demonstrate diligence and best practice to both customers and governing bodies.”

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021
A third of UK workers are surveilled by employers
privacy

A third of UK workers are surveilled by employers

8 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022