Security

Pearson To Pay $1 Million Fine for Misleading Investors About 2018 Data Breach (techcrunch.com) 15

Pearson, a London-based publishing and education giant that provides software to schools and universities, has agreed to pay $1 million to settle charges that it misled investors about a 2018 data breach resulting in the theft of millions of student records. From a report: The U.S. Securities and Exchange Commission announced the settlement on Monday after the agency found that Pearson made "misleading statements and omissions" about its 2018 data breach, which saw millions of student usernames and scrambled passwords stolen, along with the administrator login credentials of 13,000 schools, district and university customer accounts.

The agency said that in Pearson's semi-annual review filed in July 2019, the company referred to the incident as a "hypothetical risk," even after the data breach had happened. Similarly, in a statement that same month, Pearson said the breach may include dates of birth and email addresses, when it knew that such records were stolen, according to the SEC. Pearson also said that it had "strict protections" in place when it actually took the company six months to patch the vulnerability after it was notified.

  • Am I the only one to find it odd that a regulator, in order to bring justice to investors, is applying a fine that will reduce the equity of the company, and thus harm investors further? Or am I missing something and this fine will actually be distributed to investors?

    • by dfm3 ( 830843 )
      Two possibilities:

      1) Investors hate being lied to, especially if it means they are screwed out of money. That's why the SEC exists as a deterrent to such behavior.

      2) It could be that the $1M was simply considered a cost of doing business, either less than the profits the act generated or low enough that it's worth the risk of getting caught.
    • Really? That is your take on this?

      It is not about protecting the investors of one company; it's about corporate accountability and maintaining some semblance of order and propriety across the investment market. Without that or at least the perception of enforcement, confidence in the market is hard to maintain.

      I am surprised criminal charges weren't pending. Pearson is walking away laughing. I wonder if they will plow some profit into IT security or if they will be another Sony and cut more non-ROI e

      • Just checked. SEC fines are generally not deductible. My bad.

      • It wasn't as much as what I take from this, but as a thought after seeing this multiple times. I am totally in favour of people accountability in this scenario, but on a simpler scope: why harm the investors further?

        Of course they can always sue, but at least they have discretion for that. The SEC, through their investor-protection fines, is actually harming investors further. Would be fine if they framed it as "competitors lost because of this", but this is framed as "investors were fooled so let's hurt t

        • Caveat emptor re: investors. They should take this as a signal to make changes to the CEO and directors. However, I doubt this piddly fine will affect the company dividends or share value so unlikely anyone is feeling any pain.

          It would be much better if the decision makers in the company felt the pain directly.

    • A court finding you in the wrong and making you pay a fine means that the next company that pulls that shit has already lost the battle. Precedent is a powerful thing.

  • It's a good start (Score:4, Insightful)

    by bubblyceiling ( 7940768 ) on Monday August 16, 2021 @01:13PM (#61697971)
    Companies need to be held accountable for data-breaches.
  • If Pearson the company paid the fine, that's equity the investors lost. It seems to me we need personal accountability to the lying people.

  • A $1 million dollar fine on $4.65 BILLION (USD) in revenue and $431 million in operating profit (2020 financials): https://plc.pearson.com/en-GB/... [pearson.com]
    That will stop them in the future. Sure it will. It sends a message too: make enough money, you can get away with anything. The corporate oligarchy has seized all levers of power around the globe. We're left with the patina of democracy and/or freedom
    • The current chairman of the SEC, while an ex-Goldman Sachs partner, doesn't seem too bad. But some of the previous chairmen and women have been atrocious, with a special call-out to White and Clayton. If it's run anything like the UK's FSA, anyone working for it is terrified of levelling a fine or adverse judgement against any company they are investigating just in case their next boss is on secondment from said company.

  • Search the couch cushions of the directors' suite, it'll be there. How about fining them proportionate to each record compromised, say, $100,000 each? YOU'VE GOT TO MAKE THE PUNISHMENT HURT OR THERE IS NO INCENTIVE TO DO BETTER.
