Textbook and testing giant Pearson hit by cyberattack, customer data leaked

Pearson has confirmed recently suffering a cyberattack
The company claims hackers obtained “legacy data”
No threat actors claimed responsibility yet

Education services giant Pearson has confirmed suffering a cyberattack and losing customer data, but has played down the importance of the breach, suggesting the stolen data was outdated anyway.

BleepingComputer was tipped off that someone used an exposed GitLab Personal Access token to compromise Pearson’s development environment in January 2025.

The token was found in a public .git/config file, with the attackers using this access to find even more login credentials, hardcoded in the source code, which they then used to infiltrate the company’s network and steal corporate and customer information.

You may like

Chinese threat

Pearson later confirmed the news in a statement given to BleepingComputer:

“We recently discovered that an unauthorized actor gained access to a portion of our systems,” the statement said.

“Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement’s investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication.”

Then, the company hinted that the data might not be as valuable: “We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate.”

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

There was no employee information among the stolen files, it was confirmed. Pearson did not want to say how many people were affected by the incident, or what kind of information was exposed in this “legacy data”.

Unfortunately, leaving sensitive information in Git projects configuration files is nothing new, and criminals know it. In a recent analysis published by security pros GreyNoise, it was said that cybercriminals have ramped up their scanning for exposed Git configuration files, as they hunted for vulnerable organizations in Singapore.

You might also like

https://cdn.mos.cms.futurecdn.net/sFmKPA9XY64GFiyAypGZAH.jpg

Source link

Visual Intelligence is getting a big upgrade with iOS 26, and here’s why I can’t wait to use it again

I tested the Sony Bravia 8 II OLED TV, and I don’t think Samsung and LG have anything to worry about

Forget Ray-ban – Meta’s next smart glasses just got a surprise launch date and an exciting new partner

Amazon is planning one of its biggest cloud investments yet as it goes big down under

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Enterprise Products Partners' SWOT analysis: midstream giant's stock resilience tested

JetBlue's SWOT analysis: airline stock faces turbulence amid strategic shifts

Minnesota lawmaker killed on Saturday served with compassion, governor says

Minnesota shooting suspect told friend in text message: I might be dead soon

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Textbook and testing giant Pearson hit by cyberattack, customer data leaked

Visual Intelligence is getting a big upgrade with iOS 26, and here’s why I can’t wait to use it again

I tested the Sony Bravia 8 II OLED TV, and I don’t think Samsung and LG have anything to worry about

Forget Ray-ban – Meta’s next smart glasses just got a surprise launch date and an exciting new partner

Amazon is planning one of its biggest cloud investments yet as it goes big down under