Pearson Hack Exposed Details on Thousands of U.S. Students
July 31 2019 - 08:53PM
Dow Jones News
By Parmy Olson
LONDON -- Pearson PLC, the British maker of educational
software, is warning school districts that a far-reaching data
breach has exposed details on thousands of students, chiefly in the
Pearson was notified about the cyberattack by the Federal Bureau
of Investigation in March, according to a person familiar with the
matter. The breach affected more than 13,000 school and university
accounts, some containing information -- such as names, dates of
birth and email addresses -- on thousands of students each. Who
perpetrated the hack is still unknown, the person said.
"We have notified the affected customers as a precaution," a
Pearson spokesman said. "We apologize to those affected."
The breach is the latest in a wave of cyber intrusions that have
highlighted how much corporations are struggling to protect
sensitive customer data.
Capital One Financial Corp. this week disclosed that its systems
were breached, affecting data from roughly 106 million people. A
former Amazon Web Services Inc. employee was arrested on Monday in
connection with that breach, which compromised information such as
social-security numbers and bank-account details.
Allan Cunningham, the information-security officer for Washoe
County School District in Nevada, said he learned from Pearson that
the breach affected data of 114,000 students enrolled between 2001
and 2016 in his jurisdiction alone. For about half of those,
information on their dates of birth was accessed. A cybersecurity
administrator in another large school district estimated that in
his region about 500 students were affected.
Pearson suffered its data breach around November 2018, the
company told school-district administrators in a letter detailing
the incident and reviewed by The Wall Street Journal. The
London-based company said it had no evidence that any student data
was misused. It said it was offering complimentary
credit-monitoring services to affected victims as a precaution.
Mr. Cunningham said he was advising parents to use the free
credit-monitoring tools because of past incidents where scammers
stole the identities of children. But, he added, "the overall risk
is low" because Pearson's breach didn't include sensitive financial
Pearson said that school grades or assessment information didn't
appear to be affected, and that the breached system didn't contain
Social Security numbers, credit-card data or other financial
The company said it had suspended operations this week of the
affected system, called AIMSweb 1.0. The decision to phase out the
system was made previously, the company said, and wasn't related to
Pearson, with a history of producing textbooks, has increasingly
focused on selling digital services. Last month, it said it would
phase out such print publications.
One security expert said data theft is often an unintended
consequence of educational companies shifting to digital
Douglas Levin, president of EdTech Strategies, a security
consulting firm for the education industry, questioned some of the
security practices Pearson's system used.
"If you're building an information system for schools, you
wouldn't be placing personally identifiable info into a database
like this," he said. "You'd use a unique student identifier that
did not have a name, email and birth date."
Pearson said it was reviewing its systems.
(END) Dow Jones Newswires
July 31, 2019 20:38 ET (00:38 GMT)
Copyright (c) 2019 Dow Jones & Company, Inc.