
UK-based education giant Pearson has confirmed a significant cyberattack that exposed sensitive customer data, internal corporate information, and cloud infrastructure, BleepingComputer reported on Thursday.
In a statement, Pearson acknowledged the breach, stating that an unauthorized actor had accessed part of their systems and downloaded what the company described as "largely legacy data."
While employee data was not affected, customer and partner data may have been compromised.
The company is still investigating the scope of the breach.
The breach reportedly stems from an exposed GitLab Personal Access Token (PAT) found in a public .git/config file, which granted attackers access to Pearson’s internal source code and hard-coded credentials for AWS, Google Cloud, and Salesforce CRM.
According to sources, the attackers used the access to extract terabytes of data, including customer records, financial documents, support tickets, and internal cloud data — potentially impacting millions of users worldwide.
Pearson stated they have involved law enforcement and deployed new security measures, including improved monitoring and authentication protocols.
However, the company declined to comment on whether a ransom was paid or how many customers were affected.
The incident is reportedly linked to a January breach of Pearson’s subsidiary PDRI, suggesting the attack may have unfolded over several months.
Security researchers warn that exposed Git configuration files and embedded access tokens remain a growing vulnerability for companies using cloud services.
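The root cause described above (a `.git/config` reachable from a public web root, with a GitLab Personal Access Token embedded in it) is something a defender can check for on both sides: before deployment, by scanning git config files for credentials in remote URLs or headers, and after the fact, by looking in web-server access logs for requests to `.git/` paths. The Python below is an added example written for this article, not code from Pearson, GitLab or BleepingComputer. The sample config and log lines are constructed; the `glpat-` prefix is the real prefix GitLab uses for personal access tokens, and the token values and hostnames are placeholders.

```python
"""Defensive checks for an exposed .git/config with embedded credentials.

  1. find_embedded_credentials(): parse a git-style config and report any
     remote URL or header value carrying a username:password or a GitLab
     token, with the secret redacted so the report does not leak it.
  2. git_probe_requests(): scan access-log lines for requests under .git/,
     the pattern a web server should be blocking and alerting on.

All sample data below is constructed for this example.
"""
import re
from urllib.parse import urlsplit

SECTION_RE = re.compile(r'^\s*\[(?P<name>[\w.-]+)(?:\s+"(?P<sub>[^"]*)")?\]\s*$')
KEY_RE = re.compile(r'^\s*(?P<key>[\w-]+)\s*=\s*(?P<value>.*?)\s*$')
# GitLab personal access tokens start with "glpat-"; the length bound is an
# assumption that keeps short strings from matching.
TOKEN_RE = re.compile(r'\b(glpat-[A-Za-z0-9_-]{20,})\b')
# Matches the request path of a combined-format access-log line when it
# points at the .git directory or anything below it.
GIT_PROBE_RE = re.compile(r'"(?:GET|HEAD|POST)\s+(\S*/\.git(?:/\S*)?)\s')

# Constructed .git/config: a token in the remote URL and one in a header.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tbare = false
[remote "origin"]
\turl = https://deploy:glpat-CONSTRUCTEDexample0001@gitlab.example.com/acme/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[http]
\textraheader = Authorization: Bearer glpat-CONSTRUCTEDexample0002
"""

# Constructed access-log lines: one .git probe served (200), one blocked (403).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/May/2025:10:11:12 +0000] "GET /.git/config HTTP/1.1" 200 312 "-" "curl/8.0"',
    '198.51.100.4 - - [08/May/2025:10:11:13 +0000] "GET /static/app.js HTTP/1.1" 200 8812 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [08/May/2025:10:11:14 +0000] "GET /.git/HEAD HTTP/1.1" 403 153 "-" "curl/8.0"',
]


def parse_git_config(text):
    """Return {(section, subsection): {key: value}} for a git-style config."""
    result = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(('#', ';')):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group('name').lower(), m.group('sub'))
            result.setdefault(current, {})
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            result[current][m.group('key').lower()] = m.group('value')
    return result


def redact(secret):
    """Keep just enough of a secret to recognise it in a report."""
    if len(secret) <= 8:
        return '***'
    return secret[:4] + '...' + secret[-2:]


def find_embedded_credentials(text):
    """List findings: section, key, kind and a redacted view of the secret."""
    findings = []
    for (section, sub), keys in parse_git_config(text).items():
        where = f'{section} "{sub}"' if sub else section
        for key, value in keys.items():
            parsed = urlsplit(value) if '://' in value else None
            if parsed and (parsed.username or parsed.password):
                secret = parsed.password or parsed.username
                findings.append({'section': where, 'key': key,
                                 'kind': 'credential in URL',
                                 'redacted': redact(secret)})
                continue  # do not report the same token twice
            for token in TOKEN_RE.findall(value):
                findings.append({'section': where, 'key': key,
                                 'kind': 'access token in value',
                                 'redacted': redact(token)})
    return findings


def git_probe_requests(log_lines):
    """Return (client_ip, path, status) for requests under .git/.
    A 200 status means the repository metadata was actually served."""
    hits = []
    for line in log_lines:
        m = GIT_PROBE_RE.search(line)
        if m:
            ip = line.split()[0]
            status = line.split('"')[2].split()[0]
            hits.append((ip, m.group(1), status))
    return hits


if __name__ == '__main__':
    for f in find_embedded_credentials(SAMPLE_CONFIG):
        print(f"[{f['section']}] {f['key']}: {f['kind']} ({f['redacted']})")
    for ip, path, status in git_probe_requests(SAMPLE_LOG):
        print(f'{ip} requested {path} -> {status}')
```

The config scan is meant to run in CI against the build artifact or deployment directory before it is published, since a `.git` directory that ships with a site is exposed regardless of what it contains; the log scan is a quick triage step to see whether such a file was requested and, from the status code, whether it was served.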