Pearson pays $1 million to settle charges that it misled investors: SEC – Enterprise Insurance
(Reuters) – London-based Pearson PLC will pay $1 million to settle charges that it misled investors about a 2018 cyber intrusion in which millions of student records were stolen, the U.S. Securities and Exchange Commission announced on Monday.
The educational publisher neither admitted nor denied the regulator's allegations, the SEC said. In its 2019 annual report, however, the company said that the data breach may have included birth dates and email addresses, despite knowing that records had been stolen.
Pearson also said at the time that it had "strong protections" in place, but a critical vulnerability had still not been patched six months after notification, the SEC found.
"Pearson chose not to disclose this breach to investors until it was contacted by the media, and even then, Pearson underestimated the nature and scope of the incident and overestimated the company's privacy," said Kristina Littman, director of the SEC's cyber unit.
"As listed companies are exposed to the growing threat of cyber attacks, they must provide investors with accurate information about significant cyber incidents."
Pearson spokesman Tom Steiner said the company's data breach involved a web-based software tool that was discontinued in July 2019 and that the company "continues to improve its cybersecurity efforts to minimize the risk of cyberattacks in an ever-changing threat landscape."
In addition to paying the civil penalty, Pearson has agreed not to violate any cyber-related disclosure requirements, the SEC said.
The top U.S. markets watchdog has brought a handful of other cybersecurity disclosure cases, including a nearly $500,000 fine in 2019 against real estate insurance company First American and a $35 million settlement in 2018 to resolve allegations that Yahoo did not disclose a data breach to investors.
In a 2018 report on companies falling victim to cyber fraud, the SEC also warned that public companies must use robust internal controls to detect cyber threats.