- Pearson recently confirmed a cyber attack
- The company claims that hackers have obtained “inherited data”
- No threat actor has yet claimed responsibility
The education giant Pearson has confirmed that it suffered a cyber attack and lost customer data, but played down the importance of the breach, suggesting that the stolen data was in any case out of date.
BleepingComputer reported that someone used a GitLab Personal Access Token to compromise the Pearson development environment in January 2025.
The token was found in a public .git/config file. The attackers used this access to find even more credentials, hard-coded in the source code, which they then used to infiltrate the company’s network and steal business and customer information.
Chinese threat
Pearson then confirmed the news in a press release given to BleepingComputer:
“We recently discovered that an unauthorized actor had access to part of our systems,” the statement said.
“Once we have identified the activity, we have taken measures to stop it and investigate what happened and what data was affected by legal medicine experts. We have also supported the survey of the law application. We have taken measures to deploy additional guarantees on our systems, in particular the improvement of monitoring and authentication of security.”
The company then suggested that the data might not be that valuable: “We continue to investigate, but for the moment, we believe that the actor has downloaded largely inherited data. We will share additional information with customers and partners directly, if necessary.”
No employee information was among the stolen files, it was confirmed. Pearson did not say how many people were affected by the incident, or what type of information was exposed in this “inherited data”.
Unfortunately, leaving sensitive information in Git project configuration files is nothing new, and criminals know it. A recent analysis published by security researchers at GreyNoise said that cybercriminals had increased their scanning for exposed Git configuration files, while targeting vulnerable organizations in Singapore.
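As an added example (not from the article, Pearson or GreyNoise), this is one way a defender could audit their own repositories for the pattern described above, where a credential is stored in a `.git/config` file. The sample config, host names and token values are constructed placeholders, and `find_config_secrets` is a hypothetical helper name.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a .git/config; host, user and token are placeholders.
SAMPLE_CONFIG = """\
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://ci-bot:glpat-EXAMPLEEXAMPLEEXAMPLE@gitlab.example.com/team/app.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = git@gitlab.example.com:team/app.git
[http]
    extraHeader = Authorization: Bearer EXAMPLE-PLACEHOLDER
"""

SECTION = re.compile(r'^\[\s*([\w.-]+)(?:\s+"(.*)")?\s*\]$')
GITLAB_PAT = re.compile(r"glpat-[\w-]{20,}")  # GitLab personal access token prefix


def find_config_secrets(text):
    """Return (section, key, reason) for each credential stored in a Git config."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = SECTION.match(line)
        if m:
            section = f"{m.group(1)}.{m.group(2)}" if m.group(2) else m.group(1)
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        key = key.lower()
        if GITLAB_PAT.search(value):
            findings.append((section, key, "GitLab personal access token"))
        elif key.endswith("url") and urlsplit(value).password:
            findings.append((section, key, "password in URL userinfo"))
        elif key == "extraheader" and "authorization:" in value.lower():
            findings.append((section, key, "Authorization header"))
    return findings


if __name__ == "__main__":
    # The secret value itself is never printed, only where it was found.
    for section, key, reason in find_config_secrets(SAMPLE_CONFIG):
        print(f"{section}.{key}: {reason}")
```

Any finding means the credential should be revoked and moved to a credential helper or CI secret store, and the web server should not serve the `.git` directory at all.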