Textbook and testing giant Pearson hit by cyberattack, customer data leaked

Cyberattack
(Image credit: Pixabay)

  • Pearson has confirmed recently suffering a cyberattack
  • The company claims hackers obtained "legacy data"
  • No threat actors claimed responsibility yet

Education services giant Pearson has confirmed suffering a cyberattack and losing customer data, but has played down the importance of the breach, suggesting the stolen data was outdated anyway.

BleepingComputer was tipped off that someone used an exposed GitLab Personal Access token to compromise Pearson’s development environment in January 2025.

The token was found in a public .git/config file, with the attackers using this access to find even more login credentials, hardcoded in the source code, which they then used to infiltrate the company’s network and steal corporate and customer information.

Chinese threat

Pearson later confirmed the news in a statement given to BleepingComputer:

"We recently discovered that an unauthorized actor gained access to a portion of our systems," the statement said.

"Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication."

Then, the company hinted that the data might not be as valuable: "We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate."

There was no employee information among the stolen files, it was confirmed. Pearson did not want to say how many people were affected by the incident, or what kind of information was exposed in this “legacy data”.

Unfortunately, leaving sensitive information in Git projects configuration files is nothing new, and criminals know it. In a recent analysis published by security pros GreyNoise, it was said that cybercriminals have ramped up their scanning for exposed Git configuration files, as they hunted for vulnerable organizations in Singapore.

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.