Pearson suffered a cyberattack, discovered that an unauthorized actor gained access to a portion of their systems but confirmed that the stolen data did not include employee information. Threat actors compromised Pearson's developer environment through an exposed GitLab Personal Access Token (PAT) found in a public .git/config file.
Pearson is a UK-based education company supporting schools, universities, and individuals in over 70 countries through its print and online services.
Pearson stated, "once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication."