Pearson Education Fined $1 Million for Data Breach


The United States Securities and Exchange Commission (SEC) on Monday (16) imposed a fine of US$ 1 million (about R$ 5.2 million, in direct conversion) on Pearson Education, the largest education company in the world, for trying to hide or minimize the damage from an intrusion into its systems in 2018. In that incident, data was stolen from 13,000 of the institution’s customers, all of them in the United States.

According to the investigations, a critical flaw in software the institution used to monitor students' academic performance allowed Chinese malicious actors to collect information such as names, dates of birth and e-mail addresses, as well as millions of rows of data and credentials that were easily decoded because of an outdated algorithm. The biggest problem, however, came next.

Kristina Littman, head of the Cyber Unit of the SEC’s Enforcement Division, says the company did not discuss the issue with its investors until it was contacted by the media, “underestimating the nature and scope of the incident” and “giving a false idea with respect to the security of the data it managed.”

“As public companies face the growing threat of cyber intrusions, they must provide investors with accurate information about such incidents,” she adds.

Inconsistencies and thanks

According to the SEC, it wasn’t until July 2019 that Pearson Education contacted the agency, at which point it suggested it was at risk of potential breaches, a year after the incident and without mentioning it. It turns out that, in its testimony, the company included the notices sent to those affected two weeks after the event. In addition, it issued a communiqué prepared before the investigations began.

Finally, the education giant fixed the vulnerabilities only six months after the leak. The company agreed to the fine imposed.

“We are pleased to resolve this matter with the SEC. We also appreciate the work of the FBI and the Department of Justice in identifying and prosecuting those responsible for a global cyberattack that affected Pearson and many other businesses and industries, including at least one government agency,” the company simply declared to TechCrunch.