Nowadays, no company is completely safe from cyberattacks. IT security audit specialists report that UK-based education software company Pearson warns its customers about a data breach that has compromised the records of more than 13k students in the US, affecting AimsWeb (assessment and teaching support software) accounts at dozens of American academic institutions.
The British company was notified on the breach by
the FBI a couple of months ago, local press reports. During the incident,
multiple personal details were leaked, including:
- Full
names - Birth dates
- Email addresses
After receiving the notice and conducting an
internal IT security audit, the company began notifying its customers, advising
them to implement some cybersecurity measures. “The security of your
information is highly important to us; our experts have analyzed this incident
in order to detect and fix the vulnerability that enabled the data
breach,” Pearson’s notice says.
“As a precaution, we are notifying
affected customers; we want to emphasize that so far there is no evidence of
misuse of the compromised information,” the email says. “We want to
apologize to affected users, and we also offer information monitoring services
at no cost to the victims of the incident.” This is all the information
the company has revealed about the data breach.
According to IT security audit specialists,
Pearson is not the only company that has recently fallen victim to a data
breach. A few days ago, U.S.-based financial firm Capital One revealed a data
breach in which information was compromised from about 100 million users in the
U.S. and Canada.
In additional details, Capital
One confirmed the leak of more than 100k social security numbers and
more than 80k credit card numbers in the U.S. alone. Moreover, more than 1
million social security data of Canadian citizens was also exposed by hackers.
Specialists from the International Institute of
Cyber Security (IICS) reported in past days the emergence of various security
flaws in iMessage, an application for Apple devices that exposes stored information
to data breach incidents similar to those recently occurred in Pearson and
Capital One; the company has apparently not acknowledged the existence of these
flaws, so they remain unpatched.
As if that wasn’t enough, threat actors could
abuse these flaws to remotely access a locked file or device, and no user
interaction is required for exploitation, making them critical security
vulnerabilities.
