Data breach in the education sector; Pearson is the new target of these attacks

Nowadays, no company is completely safe from cyberattacks. IT security audit specialists report that UK-based education software company Pearson warns its customers about a data breach that has compromised the records of more than 13k students in the US, affecting AimsWeb (assessment and teaching support software) accounts at dozens of American academic institutions.

The British company was notified on the breach by the FBI a couple of months ago, local press reports. During the incident, multiple personal details were leaked, including:

  • Full names
  • Birth dates
  • Email addresses

After receiving the notice and conducting an internal IT security audit, the company began notifying its customers, advising them to implement some cybersecurity measures. “The security of your information is highly important to us; our experts have analyzed this incident in order to detect and fix the vulnerability that enabled the data breach,” Pearson’s notice says.

“As a precaution, we are notifying affected customers; we want to emphasize that so far there is no evidence of misuse of the compromised information,” the email says. “We want to apologize to affected users, and we also offer information monitoring services at no cost to the victims of the incident.” This is all the information the company has revealed about the data breach.  

According to IT security audit specialists, Pearson is not the only company that has recently fallen victim to a data breach. A few days ago, U.S.-based financial firm Capital One revealed a data breach in which information was compromised from about 100 million users in the U.S. and Canada.

In additional details, Capital One confirmed the leak of more than 100k social security numbers and more than 80k credit card numbers in the U.S. alone. Moreover, more than 1 million social security data of Canadian citizens was also exposed by hackers.

Specialists from the International Institute of Cyber Security (IICS) reported in past days the emergence of various security flaws in iMessage, an application for Apple devices that exposes stored information to data breach incidents similar to those recently occurred in Pearson and Capital One; the company has apparently not acknowledged the existence of these flaws, so they remain unpatched.

As if that wasn’t enough, threat actors could abuse these flaws to remotely access a locked file or device, and no user interaction is required for exploitation, making them critical security vulnerabilities.