Pearson Suffers Data Breach Impacting Thousands of School and University Accounts in US

• The data breach occurred after an unauthorized third-party gained access to several school and university accounts on AIMSweb.
• The compromised information included students’ names, dates of birth and email addresses.

What is the issue?

The UK-based education company, Pearson suffered a data breach incident impacting approximately 13,000 school and university AIMSweb 1.0 accounts in the United States.

The big picture

The data breach occurred after an unauthorized third-party gained access to several school and university accounts on AIMSweb.

Pearson became aware of the incident in March 2019, after the Federal Bureau of Investigation (FBI) notified the education company about the breach. It is to be noted that the incident happened in November 2018.

On July 31, 2019, Pearson notified its customers about the breach and stated that it is offering free credit monitoring services for all impacted customers. The compromised information included students’ names, dates of birth and email addresses.

“While we have no evidence that this information has been misused, we have notified the affected customers as a precaution. We apologize to those affected and are offering complimentary credit monitoring services as a precautionary measure,” Pearson said in the customer notification.

What was the response?

• Upon learning the incident, Pearson launched an investigation on the incident and implemented strict data protection in place.
• The education company determined the security loophole that caused the breach and fixed the vulnerability.

“Protecting our customers’ information is of critical importance to us. We have strict data protections in place and have reviewed this incident, found and fixed the vulnerability,” Pearson said.