Pearson has agreed to pay US$1 million to settle charges from US securities regulators that it knowingly misled investors and downplayed the severity of a 2018 cyber attack that exposed the personal information of millions of students, reported The Financial Times.
The Securities and Exchange Commission (SEC) stated that the UK educational publishing company reported the breach as “hypothetical risk” in its semi-annual report in 2019 when it had “already occurred” in 2018.
It added that Pearson claimed the breach of 13,000 school, district, and university customer accounts “may” have included dates of birth and email addresses when in fact it knew that this was the case. It also failed to state that millions of rows of student data, usernames and hashed passwords were stolen.
The FTSE 100 group claimed to have “strict protections” in place for its systems, but had failed to patch the critical vulnerability that hackers used to get into its systems until six months after it was notified, the Commission stated. The SEC also criticized Pearson’s internal processes for handling disclosure as lacking. “As the order finds, Pearson opted not to disclose this breach to investors until it was contacted by the media, and even then Pearson understated the nature and scope of the incident, and overstated the company’s data protections,” said Kristina Littman, chief of the SEC enforcement division’s cyber unit.
“As public companies face the growing threat of cyber intrusions, they must provide accurate information to investors about material cyber incidents.”
Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.
Featured News
Trump Nominates Olivia Trusty for FCC Commissioner Role Ahead of Inauguration
Jan 16, 2025 by
CPI
Lawyers Claim eXp’s Settlement Tactics Hurt Antitrust Case Potential
Jan 16, 2025 by
CPI
Amex GBT Pushes Back Against DOJ Lawsuit Over CWT Acquisition
Jan 16, 2025 by
CPI
Belgium Opens Antitrust Probe into AB InBev’s Market Practices
Jan 16, 2025 by
CPI
Tech Groups Sue CFPB Over New Rule on Digital Wallet Oversight
Jan 16, 2025 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – CRESSE Insights
Dec 19, 2024 by
CPI
Effective Interoperability in Mobile Ecosystems: EU Competition Law Versus Regulation
Dec 19, 2024 by
Giuseppe Colangelo
The Use of Empirical Evidence in Antitrust: Trends, Challenges, and a Path Forward
Dec 19, 2024 by
Eliana Garces
Some Empirical Evidence on the Role of Presumptions and Evidentiary Standards on Antitrust (Under)Enforcement: Is the EC’s New Communication on Art.102 in the Right Direction?
Dec 19, 2024 by
Yannis Katsoulacos
The EC’s Draft Guidelines on the Application of Article 102 TFEU: An Economic Perspective
Dec 19, 2024 by
Benoit Durand