Pearson to pay $1 million to settle charges it misled investors, U.S. SEC says
Reuters
Published Aug 16, 2021 12:06PM ET
Updated Aug 16, 2021 12:55PM ET
By Katanga Johnson
WASHINGTON (Reuters) -London-based Pearson PLC (LON:PSON) will pay $1 million to settle charges it misled investors about a 2018 cyber intrusion involving the theft of millions of student records, the U.S. Securities and Exchange Commission (SEC) said on Monday.
The educational-publishing firm did not admit nor deny the regulator's charges, the SEC said, but in 2019 the firm disclosed in its annual report that the data breach may have included birth dates and email addresses, when, in fact, it knew that such records were stolen.
Pearson also said at the time that it had "strict protections" in place, but failed to patch the critical vulnerability for six months after it was notified, the SEC found.
"Pearson opted not to disclose this breach to investors until it was contacted by the media, and even then Pearson understated the nature and scope of the incident, and overstated the company's data protections," said Kristina Littman, chief of the SEC enforcement division's cyber unit.
"As public companies face the growing threat of cyber intrusions, they must provide accurate information to investors about material cyber incidents."
Pearson spokesman Tom Steiner said the company's data breach involved a web-based software tool that was retired in July 2019, and that the firm "continues to enhance its cyber security efforts to minimise the risk of cyberattacks in an ever-changing threat landscape."
It has also agreed to cease and desist from committing violations of cyber-related disclosure provisions in addition to paying the civil penalty, the SEC said.
The top U.S. markets watchdog has brought a handful of other cybersecurity disclosure cases, including its nearly $500,000 fine in 2019 of real estate title insurance company First American and a $35 million settlement in 2018 to resolve allegations that Yahoo didn’t tell investors about a data breach.
It also warned companies in a 2018 report on corporations that were victims of cyber fraud that publicly-traded companies must adopt robust internal controls to detect cyber threats.
Get The News You Want
Written By: Reuters
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.