Education software company Pearson, exposed data on at least 100,000 students across more than 13,000 schools and universities. The breach itself was in November of 2018, and discovered in March, but only announced in August, underscoring the challenges companies have with identifying, remedying and communicating breaches.
First and last names, email addresses, and dates of birth were obtained in the hack. The attack affected Pearson’s AIMSweb 1.0 system, which was already scheduled to be phased out in a decision unrelated to the breach.
Here’s the press release from Pearson:
And here are some news articles on the breach: