LONDON–Another data breach has been announced, this one potentially exposing details on more than 10,000 institutions and their students. The company said financial information has not been compromised.
Pearson, a British producer of educational software, said it was notified about the cyberattack by the FBI in March of this year. The company said the breach involves more than 13,000 school and university accounts (and the individual accounts at each of those institutions), some containing information—such as names, dates of birth and email addresses—on thousands of students each. The hacker is not known and no arrests have been made.
“We have notified the affected customers as a precaution,” a Pearson spokesperson said in a statement. “We apologize to those affected.”
The news of the Pearson cyberbreach comes shortly after Capital One Financial Corp. acknowledged more than 106-million customer accounts had also been breached. In that case, a former Amazon Web Services Inc. employee has been arrested.
More Than 100,000 Affected in One District
Allan Cunningham, the information-security officer for Washoe County School District in Nevada, told the Wall Street Journal Pearson informed the school district that 114,000 students in just the WCS District enrolled between 2001 and 2016 in were affected. For about half of those, information on their dates of birth was accessed. A cybersecurity administrator in another large school district estimated that in his region about 500 students were affected, the Journal reported.
Pearson suffered its data breach around November 2018, the company told school-district administrators in a letter detailing the incident and reviewed by The Wall Street Journal. The London-based company said it had no evidence that any student data was misused. It said it was offering complimentary credit-monitoring services to affected victims as a precaution, the Journal said.
Pearson said school grades or assessment information didn’t appear to be affected, and that the breached system didn’t contain Social Security numbers, credit-card data or other financial information.
The company said it had suspended operations this week of the affected system, called AIMSweb 1.0.