© Reuters. FILE PHOTO: The seal of the U.S. Securities and Exchange Commission (SEC) can be seen at its headquarters in Washington, D.C., USA on May 12, 2021. REUTERS / Andrew Kelly
From Katanga Johnson
WASHINGTON (Reuters) – based in London Pearson PLC (LON 🙂 will pay $ 1 million to pay the fees it misled investors over a 2018 cyber break-in that stole millions of student files, the US Securities and Exchange Commission said SEC on Monday with.
The educational publisher neither admitted nor denied the regulator's allegations, the SEC said, but in its 2019 annual report the company announced that the breach may have included birth dates and email addresses, despite knowing that records were stolen .
Pearson also said at the time that there were "strong protections" in place but had not patched the critical vulnerability for six months after being notified, the SEC found.
"Pearson chose not to disclose this breach to investors until it was contacted by the media, and even then, Pearson underestimated the nature and scope of the incident and overestimated the company's privacy," said Kristina Littman, director of cyber security. Department of the SEC unit.
"As public companies face the growing threat of cyberattacks, they need to provide investors with accurate information about major cyber incidents."
Pearson spokesman Tom Steiner said the company's privacy breach involved a web-based software tool that was discontinued in July 2019 and that the company "continues to improve its cybersecurity efforts to minimize the risk of cyberattacks in an ever-changing threat landscape."
It has also pledged not to breach any internet disclosure requirements in addition to paying the civil penalty, the SEC said.
The leading U.S. market watchdog has filed a handful of other cybersecurity disclosure cases, including its nearly $ 500,000 fine in 2019 from real estate legal insurance company First American and a $ 35 million settlement in 2018 to clear up allegations that Yahoo has not shared any data with investors Bruch.
In a 2018 report on companies falling victim to cyber fraud, it also warned companies that public companies must put in place robust internal controls to detect cyber threats.
Disclaimer: Fusion Media would like to remind you that the information contained on this website is not necessarily real-time or accurate. All CFDs (stocks, indices, futures) and forex prices are not provided by exchanges, but by market makers. Therefore, prices may not be accurate and may differ from the actual market price, meaning that prices are indicative and not suitable for trading purposes. Therefore, Fusion Media is not responsible for any trading losses you may incur as a result of using this data.
Fusion Media or any other person involved in Fusion Media assumes no liability for any loss or damage that might arise from reliance on the information contained on this website, including data, prices, charts and buy / sell signals. Please inform yourself comprehensively about the risks and costs associated with trading in the financial markets, as it is one of the riskiest forms of investment.