Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Security Education Privacy

Education Giant Pearson Hit By Cyberattack Exposing Customer Data (bleepingcomputer.com) 7

An anonymous reader quotes a report from BleepingComputer: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Pearson is a UK-based education company and one of the world's largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services. In a statement to BleepingComputer, Pearson confirmed they suffered a cyberattack and that data was stolen, but stated it was mostly "legacy data."

"We recently discovered that an unauthorized actor gained access to a portion of our systems," a Pearson representative confirmed to BleepingComputer. "Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication. We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate." Pearson also confirmed that the stolen data did not include employee information.
The education company previously disclosed in January that they were investigating a breach of one of their subsidiaries, PDRI, which is believed to be related to this attack.

BleepingComputer also notes that threat actors breached Pearson's developer environment in January 2025 using an exposed GitLab access token, gaining access to source code and hard-coded credentials. Terabytes of sensitive data was stolen from cloud platforms and internal systems.

Despite the potential impact on millions of individuals, Pearson has declined to answer key questions about the breach or its response.
This discussion has been archived. No new comments can be posted.

Education Giant Pearson Hit By Cyberattack Exposing Customer Data

Comments Filter:
  • by fropenn ( 1116699 ) on Friday May 09, 2025 @10:14AM (#65363961)
    As if the social security number that you had five years ago is suddenly "too old?" This seems a pretty shady way to describe what data were lost, even for Pearson.
    • Education providers turnover entire generations worth of data every year as students enter their country's education systems at 1st grade and then leave again 10-12 years later. It's mostly junk data. Student numbers, names, maybe a photograph, borrowing history, issued textbooks, everything almost nothing someone would really care about...overdue returns [cbrimages.com], maybe. Highly unlikely to be any social security numbers, for example. They would be in the School's management system, and hopefully guarded like the
  • That might get such as Pearson to do something like caring. That or let them collapse in a screaming heap when a mysterious competitor arises etc
  • Hope they are penalized under FERPA
  • the exposed token allowed the threat actors to access the company's source code, which contained further hard-coded credentials and authentication tokens for cloud platforms.

Doubt isn't the opposite of faith; it is an element of faith. - Paul Tillich, German theologian and historian

Working...