August 16, 2021

Education publishing company Pearson plc agreed to pay $1 million to resolve an SEC investigation into its disclosures regarding a 2018 data breach that resulted in the exposure of millions of student and school administrator records, including birthdates, e-mail addresses, user names, and hashed passwords.  The SEC found that Pearson understated the nature and scope of the incident, overstated the company’s data protections, and had inadequate controls and procedures regarding the assessment and reporting of cybersecurity incidents.  Pearson, which is publicly traded in the UK, is a foreign private issuer with ADRs trading on the NYSE. SEC

Tagged in: Cybersecurity and Data Breaches, Defendants, Financial and Investment Fraud, Regulatory Violations,