Pearson

Pearson, an education services giant, recently suffered a cyberattack in January 2025. Hackers obtained access to the company's development environment using an exposed GitLab Personal Access token found in a public .git/config file. The attackers exploited this access to find more login credentials hardcoded in the source code, infiltrating the company’s network and stealing corporate and customer information. Pearson confirmed the breach but downplayed its significance, stating that the stolen data was largely 'legacy data'. The company did not specify the extent of the data breach or the number of affected individuals. However, it was confirmed that no employee information was compromised. Pearson has taken steps to enhance security monitoring and authentication, and is supporting law enforcement's investigation.

Source: https://www.techradar.com/pro/security/textbook-and-testing-giant-pearson-hit-by-cyberattack-customer-data-leaked

TPRM report: https://scoringcyber.rankiteo.com/company/pearson

"id": "pea908050925",
"linkid": "pearson",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Education',
                        'name': 'Pearson',
                        'type': 'Education Services Company'}],
 'attack_vector': 'Exposed GitLab Personal Access token',
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'Legacy data',
                 'type_of_data_compromised': ['Corporate information',
                                              'Customer information']},
 'date_detected': '2025-01-01',
 'description': 'Pearson suffered a cyberattack in January 2025 where hackers '
                "gained access to the company's development environment using "
                'an exposed GitLab Personal Access token. They exploited this '
                'access to find more login credentials hardcoded in the source '
                'code, infiltrating the company’s network and stealing '
                'corporate and customer information.',
 'impact': {'data_compromised': ['Corporate information',
                                 'Customer information'],
            'systems_affected': ['Development environment']},
 'initial_access_broker': {'entry_point': 'Exposed GitLab Personal Access '
                                          'token'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data theft',
 'post_incident_analysis': {'corrective_actions': ['Enhanced security '
                                                   'monitoring',
                                                   'Authentication '
                                                   'enhancements'],
                            'root_causes': ['Exposed GitLab Personal Access '
                                            'token',
                                            'Hardcoded login credentials in '
                                            'the source code']},
 'response': {'enhanced_monitoring': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Enhanced security monitoring',
                                       'Authentication enhancements']},
 'threat_actor': 'Unknown',
 'title': 'Pearson Education Services Cyberattack',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Hardcoded login credentials in the source code'}