Karimi & Associates Law Firm presents according to Jurist:
The U.S. Securities and Exchange Commission (SEC) announced a $1 million fine against Pearson PLC, an educational and publishing company based in London, after finding that the company made misleading statements about the data breach that involved the theft of thousands of student records and personal information. The data breach occurred in 2018 when hackers obtained student and administrator data from 13,000 Pearson accounts.
SEC has stated that “in July 2019, Pearson referred to a data privacy incident as a hypothetical risk, when, in fact, the 2018 cyber intrusion had already occurred.” In other words, Pearson understated the extent and scope of the incident as “unauthorized access” and “exposure of data” stating that it had “no evidence that this information has been misused…”. Moreover, it took the company 6 months to fix its cybersecurity system after the company was aware of the problem.
The SEC order found that Pearson violated articles 17(a)(2) and 17(a)(3) of the Securities Act of 1933, article 13(a) of the Securities Act of 1934 and Rules 12b-20, 13a-15(a), and 13a-16 promulgated under those Acts. Pearson agreed to cease and desist from committing further violations of these provisions and pay the $1 million fine without admitting or denying the SEC’s findings. The fine is due within 10 days of the order.