Education Giant Pearson Hit By Cyberattack Exposing Customer Data (bleepingcomputer.com)
(Friday May 09, 2025 @11:20AM (BeauHD)
from the PSA dept.)
- Reference: 0177395637
- News link: https://it.slashdot.org/story/25/05/09/0146239/education-giant-pearson-hit-by-cyberattack-exposing-customer-data
- Source link: https://www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/
An anonymous reader quotes a report from BleepingComputer:
> Education giant Pearson suffered a cyberattack, [1]allowing threat actors to steal corporate data and customer information , BleepingComputer has learned. Pearson is a UK-based education company and one of the world's largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services. In a statement to BleepingComputer, Pearson confirmed they suffered a cyberattack and that data was stolen, but stated it was mostly "legacy data."
>
> "We recently discovered that an unauthorized actor gained access to a portion of our systems," a Pearson representative confirmed to BleepingComputer. "Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication. We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate." Pearson also confirmed that the stolen data did not include employee information.
The education company previously disclosed in January that they were investigating a breach of one of their subsidiaries, PDRI, which is believed to be related to this attack.
BleepingComputer also notes that threat actors breached Pearson's developer environment in January 2025 using an exposed GitLab access token, gaining access to source code and hard-coded credentials. Terabytes of sensitive data was stolen from cloud platforms and internal systems.
Despite the potential impact on millions of individuals, Pearson has declined to answer key questions about the breach or its response.
[1] https://www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/
> Education giant Pearson suffered a cyberattack, [1]allowing threat actors to steal corporate data and customer information , BleepingComputer has learned. Pearson is a UK-based education company and one of the world's largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services. In a statement to BleepingComputer, Pearson confirmed they suffered a cyberattack and that data was stolen, but stated it was mostly "legacy data."
>
> "We recently discovered that an unauthorized actor gained access to a portion of our systems," a Pearson representative confirmed to BleepingComputer. "Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication. We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate." Pearson also confirmed that the stolen data did not include employee information.
The education company previously disclosed in January that they were investigating a breach of one of their subsidiaries, PDRI, which is believed to be related to this attack.
BleepingComputer also notes that threat actors breached Pearson's developer environment in January 2025 using an exposed GitLab access token, gaining access to source code and hard-coded credentials. Terabytes of sensitive data was stolen from cloud platforms and internal systems.
Despite the potential impact on millions of individuals, Pearson has declined to answer key questions about the breach or its response.
[1] https://www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/
Jail time... (Score:2)
by zkiwi34 ( 974563 )
That might get such as Pearson to do something like caring. That or let them collapse in a screaming heap when a mysterious competitor arises etc
What is legacy data? (Score:2)
As if the social security number that you had five years ago is suddenly "too old?" This seems a pretty shady way to describe what data were lost, even for Pearson.