Education giant Pearson hit by cyberattack exposing customer data

pGoogle to pay 1375 billion to settle Texas data privacy violationsppiClicker site hack targeted students with malware via fake CAPTCHAppMicrosoft Teams will soon block screen capture during meetingsppLockBit ransomware gang hacked victim negotiations exposedppStop paying monthly and get a PDF editor for life in this dealppASUS DriverHub flaw let malicious sites run commands with admin rightsppWindows 11 upgrade block lifted after Safe Exam Browser fixppHackers now testing ClickFix attacks against Linux targetsppHow to access the Dark Web using the Tor BrowserppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppRemove the Theonlinesearchcom Search RedirectppRemove the Smartwebfindercom Search RedirectppHow to remove the PBlock adware browser extensionppRemove the Toksearchesxyz Search RedirectppRemove Security Tool and SecurityTool Uninstall GuideppHow to Remove WinFixer Virtumonde Msevents TrojanvundoppHow to remove Antivirus 2009 Uninstall InstructionsppHow to remove Google Redirects or the TDSS TDL3 or Alureon rootkit using TDSSKillerppLocky Ransomware Information Help Guide and FAQppCryptoLocker Ransomware Information Guide and FAQppCryptorBit and HowDecrypt Information Guide and FAQppCryptoDefense and HowDecrypt Ransomware Information Guide and FAQppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppeLearningppIT Certification CoursesppGear GadgetsppSecurityppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppppEducation giant Pearson suffered a cyberattack allowing threat actors to steal corporate data and customer information BleepingComputer has learnedppPearson is a UKbased education company and one of the worlds largest providers of academic publishing digital learning tools and standardized assessments The company works with schools universities and individuals in over 70 countries through its print and online servicesppIn a statement to BleepingComputer Pearson confirmed they suffered a cyberattack and that data was stolen but stated it was mostly legacy datappWe recently discovered that an unauthorized actor gained access to a portion of our systems a Pearson representative confirmed to BleepingComputerppOnce we identified the activity we took steps to stop it and investigate what happened and what data was affected with forensics experts We also supported law enforcements investigation We have taken steps to deploy additional safeguards onto our systems including enhancing security monitoring and authenticationppWe are continuing to investigate but at this time we believe the actor downloaded largely legacy data We will be sharing additional information directly with customers and partners as appropriateppPearson also confirmed that the stolen data did not include employee informationppDo you have information about this or another cyberattack If you want to share the information you can contact us securely and confidentially on Signal at LawrenceA11 via email at lawrenceabramsbleepingcomputercom or by using our tips formppThis statement comes after sources told BleepingComputer that threat actors compromised Pearsons developer environment in January 2025 through an exposed GitLab Personal Access Token PAT found in a public gitconfig fileppA gitconfig file is a local configuration file used by Git projects to store configuration settings such as a project name email address and other information If this file is mistakenly exposed and contains access tokens embedded in remote URLs it can give attackers unauthorized access to internal repositoriesppIn the attack on Pearson the exposed token allowed the threat actors to access the companys source code which contained further hardcoded credentials and authentication tokens for cloud platformsppOver the following months the threat actor reportedly used these credentials to steal terabytes of data from the companys internal network and cloud infrastructure including AWS Google Cloud and various cloudbased database services such as Snowflake and Salesforce CRMppThis stolen data allegedly contains customer information financials support tickets and source code with millions of people impactedppHowever when BleepingComputer asked Pearson about whether they paid a ransom what they meant by legacy data how many customers were impacted and if customers would be notified the company responded that they would not be commenting on these questionsppPearson previously disclosed in January that they were investigating a breach of one of their subsidiaries PDRI which is believed to be related to this attackppScanning for Git configuration files and exposed credentials has become a common method for threat actors to breach cloud servicesppLast year Internet Archive was breached after threat actors discovered an exposed Git configuration file containing an authentication token for the companys GitLab repositoriesppFor this reason it is critical to secure gitconfig files by preventing public access and to avoid embedding credentials in remote URLsppBased on an analysis of 14M malicious actions discover the top 10 MITRE ATTCK techniques behind 93 of attacks and how to defend against themppWestern Sydney University discloses security breaches data leakppVC giant Insight Partners confirms investor data stolen in breachppMedical device maker Masimo warns of cyberattack manufacturing delaysppUK Legal Aid Agency investigates cybersecurity incidentppUK NCSC Cyberattacks impacting UK retailers are a wakeup callppI think I used them years ago for MS certification I dont think I ever logged in ppEducation giant I guess they got educated on securityppNot a member yet Register NowppMicrosoft Teams will soon block screen capture during meetingsppFake AI video generators drop new Noodlophile infostealer malwareppiClicker site hack targeted students with malware via fake CAPTCHAppOverdue a password healthcheck Audit your Active Directory for freeppLearn why identity attacks were the 1 threat facing organizations in 2024ppHow to tell if your organizations credentials have been involved in a breachppView your organizations attack surface digital frauds at no cost Register now for CTM360s Community EditionppMajority of browser extensions pose critical security risk learn how to control itppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2025 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp