Another day, another big data breach.
This time, the breach hit education software company Pearson, exposing data on at least 100,000 students across more than 13,000 schools and universities.
According to the Wall Street Journal, the November 2018 breach exposed information like students’ names, dates of birth, and email addresses. The company was notified of the leak in March by the FBI.
One Nevada school district told the WSJ that around 114,000 students that attended its schools between 2001 and 2016 were affected just in that district alone.
If there’s a silver lining, the data has not been misused and the FBI does not believe that Pearson was the intended target of the attack. The WSJ also notes the leaked information does not include “social Security numbers, credit-card data or other financial information.”
The attack affected Pearson’s AIMSweb 1.0 system, which was already scheduled to be phased out in a decision unrelated to the breach.
A spokesperson for Pearson told Mashable via email:
“Pearson Clinical Assessments notified affected customers of unauthorized access to approximately 13,000 school and university AIMSweb 1.0 accounts. The exposed data was isolated to first name, last name, and in some instances may include date of birth and/or email address. Protecting our customers’ information is of critical importance to us. We have strict data protections in place and have reviewed this incident, found and fixed the vulnerability.
While we have no evidence that this information has been misused, we have notified the affected customers as a precaution. We apologize to those affected and are offering complimentary credit monitoring services as a precautionary measure.”
Pearson has offered complimentary credit monitoring to affected students as a proactive measure of protection.