The company has implemented more robust security tools amid an ongoing investigation.
UK education services provider Pearson had corporate and customer information stolen following a cyber-attack
Whilst most of the information was legacy, Pearson was reported by sources to have had its developer compromised through an exposed GitLab Personal Access Token in January. Attackers were noted to have leveraged the token to infiltrate Pearson's source code and obtain hard-coded credentials, which were later used to pilfer troves of internal network and cloud infrastructure data.
The company has implemented more robust security monitoring and authentication mechanisms amid an ongoing investigation into the incident, which has been confirmed not to have impacted employee data.
A Pearson spokesperson said: "We will be sharing additional information directly with customers and partners as appropriate.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
