Lawrence Abrams reports:
Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned.
Pearson is a UK-based education company and one of the world’s largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services.
In a statement to BleepingComputer, Pearson confirmed they suffered a cyberattack and that data was stolen, but stated it was mostly “legacy data.”
“[…]
This statement comes after sources told BleepingComputer that threat actors compromised Pearson’s developer environment in January 2025 through an exposed GitLab Personal Access Token (PAT) found in a public .git/config file.
Read more at BleepingComputer.
So far, no one has disclosed whether the threat actor(s) behind the PowerSchool attack were also responsible for this Pearson attack.