Wilson's Media

A Tech & Gaming Blog

Textbook and testing giant Pearson hit by cyberattack, customer data leaked

  • Pearson has confirmed recently suffering a cyberattack
  • The company claims hackers obtained “legacy data”
  • No threat actors claimed responsibility yet

Education services giant Pearson has confirmed suffering a cyberattack and losing customer data, but has played down the importance of the breach, suggesting the stolen data was outdated anyway.

BleepingComputer was tipped off that someone used an exposed GitLab Personal Access token to compromise Pearson’s development environment in January 2025.

The token was found in a public .git/config file, with the attackers using this access to find even more login credentials, hardcoded in the source code, which they then used to infiltrate the company’s network and steal corporate and customer information.

Chinese threat

Pearson later confirmed the news in a statement given to BleepingComputer:

“We recently discovered that an unauthorized actor gained access to a portion of our systems,” the statement said.

“Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement’s investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication.”

Then, the company hinted that the data might not be as valuable: “We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate.”

There was no employee information among the stolen files, it was confirmed. Pearson did not want to say how many people were affected by the incident, or what kind of information was exposed in this “legacy data”.

Unfortunately, leaving sensitive information in Git projects configuration files is nothing new, and criminals know it. In a recent analysis published by security pros GreyNoise, it was said that cybercriminals have ramped up their scanning for exposed Git configuration files, as they hunted for vulnerable organizations in Singapore.

You might also like


Source

Pearson has confirmed recently suffering a cyberattack The company claims hackers obtained “legacy data” No threat actors claimed responsibility yet Education services giant Pearson has confirmed suffering a cyberattack and losing customer data, but has played down the importance of the breach, suggesting the stolen data was outdated anyway. BleepingComputer…

Tags: ,
Previous Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archives