SEC Fines Pearson $1M For Misleading Investors About Data Breach

SEC Fines Pearson $1M For Misleading Investors

Pearson, which is a London-based company working on educational publishing, has agreed to pay $1 million on charges that it misled investors about a 2018 cyber intrusion involving the thefts of millions of student records, according to a press release from the Securities and Exchange Commission (SEC).

The SEC found that there had been inadequate disclosure controls and protections, the release stated. Millions of student records were pilfered. Stolen data included dates of birth and email addresses.

The SEC found Pearson had made statements considered misleading to both students and administrators about the 2018 data breach, which also saw administrator log-in credentials from 13,000 school, district and university accounts stolen, according to the release.

Pearson referred to the 2018 incident as a hypothetical risk when the attack had occurred the year prior, the release stated. The SEC found the company already knew at that time that the breach included sensitive information, despite only saying it may have been included.

The company also said there had been protections in place, but it had allegedly failed to provide for a patch to help repair the vulnerability, according to the release. In addition, the SEC found a company July 2019 media statement from the company did not include the fact that rows of student data and usernames, along with passwords, had been stolen.

The SEC also found that Pearson’s disclosure controls and procedures weren’t designed to make sure that those who oversee disclosure determinations were able to be informed of circumstances about the breach, the release stated.

A White House memo last month pushed for more stringent regulations to prevent cyberattacks.

Read more: White House Memo Pushes Cybersecurity For Critical Infrastructure Firms

The measure is reportedly a voluntary public-private effort and will make it so there are performance controls for water treatment plants, electric power plants and other infrastructure facilities.