Pearson breach exposed data of thousands of US students

Pearson, a UK-based education software company, has notified customers of a breach that affected thousands of student accounts.

UK education software company Pearson has warned school districts that a data breach has exposed the details of more than 13,000 students, primarily affecting school and university AimsWeb accounts based in the US.

Details such as names, dates of birth and email addresses stored on the accounts were affected. Pearson was made aware of the cyberattack in March of this year by the FBI, according to reporting from The Wall Street Journal.

Pearson notified customers on Wednesday (31 July) of the details of the breach and said: “Protecting our customers’ information is of critical importance to us. We have strict data protections in place and have reviewed this incident, found and fixed the vulnerability.

“While we have no evidence that this information has been misused, we have notified the affected customers as a precaution. We apologise to those affected and are offering complimentary credit monitoring services as a precautionary measure.” Pearson could not be reached for further comment at time of reporting.

This week, reports also emerged of a massive breach affecting US financial institution Capital One. The firm has estimated that 100m in the US and 6m people in Canada were affected. The hack targeted the personal information of both current and prospective Capital One customers who tendered credit card applications.

In total, Capital One has confirmed that around 140,000 US social security numbers and roughly 80,000 US-linked bank account numbers were leaked, as were 1m Canadian social insurance numbers.

A team of Google bug researchers this week also said it had discovered various security flaws in Apple’s iMessage app, one of which has not yet been fixed.

The researchers claim that the issues found in the Apple product could have been leveraged to remotely access files or crash devices. The flaws are described as “interactionless”, meaning they can run without the user having to do anything.