Pearson, the world’s largest education publisher, has notified its customers of a data breach that has affected approximately 13,000 school and university accounts, exposing the personal information of an unknown number of students.
The breach, which exposed names, birthdays and email addresses of students, primarily in the U.S., was brought to the attention of Pearson administrators by the Federal Bureau of Investigation back in March 2019, the Wall Street Journal reported on Wednesday.
However, the publisher has since been informed that none of the compromised data has been misused, Scott Overland, Pearson’s director of media relations, told EdScoop.
“Pearson was not the primary or intended target of this data breach,” Overland said.
In addition, the accessed data was very limited in nature.
“The exposed data was isolated to first name, last name, and in some instances may include the date of birth and/or email address,” Overland said. Because this, Pearson has been unable to estimate the number of students affected by the incident, he said.
According to Overland, the breach exploited a vulnerability in Pearson’s AIMSweb 1.0 system, which monitors and evaluates student performance. Although this service has been scheduled by the publisher to be phased out — in a decision unrelated to the breach — the vulnerability is now fixed.
“Protecting our customers’ information is of critical importance to us,” Overland said. “While we have no evidence that this information has been misused, we have notified the affected customers as a precaution.”
Complimentary credit monitoring is available as a precautionary and proactive measure for those affected by the breach.