London based educational software maker Pearson, has revealed that thousands of school and university accounts have been compromised due to a data breach.

Users of the accounts, mostly in the United States, have since been notified and the vulnerability has been rectified.

According to the Wall Street Journal, the data breach happened in November 2018 and Pearson was notified by the Federal Bureau of Investigation in March.

School Accounts

It’s thought that unauthorized access was gained to 13,000 school and university accounts on AIMSweb, the company’s student monitoring and assessment platform.

Each account could potentially include information about thousands of students and data that was breached included date of birth, email addresses and first and last names.

The perpetrator who orchestrated this data breach is still unknown.

Pearson, one of the largest publishers of print and digital textbooks, added that it has no evidence that any of the exposed information was misused and the chances of the data being misused are low since no financial data was accessed.

Affected users will be offered free credit monitoring services as a “precautionary measure.”

The WSJ also reported that in just one school district alone the breach affected data on 114,000 students enrolled between 2001 and 2016, while in another school district, as few as 500 students had their data accessed.

Pearson told Mashable: “Pearson Clinical Assessments notified affected customers of unauthorized access to approximately 13,000 school and university AIMSweb 1.0 accounts. The exposed data was isolated to first name, last name, and in some instances may include date of birth and/or email address. Protecting our customers’ information is of critical importance to us. We have strict data protections in place and have reviewed this incident, found and fixed the vulnerability.

While we have no evidence that this information has been misused, we have notified the affected customers as a precaution. We apologize to those affected and are offering complimentary credit monitoring services as a precautionary measure.”

Capital One

The Pearson data breach revelations comes just days after Capital One disclosed a massive cyberattack that exposed sensitive information for about 100 million people in the U.S. and 6 million in Canada.

The data breach to Capital One servers in March exposed the personal information of nearly 106 million of the bank’s customers and applicants.

The hack, which included US and Canadian customers of the banking and credit card company, came a week after the settlement reached between Equifax and the Federal Trade Commission concerning a hack in 2017 that affected 147 million customers.

The breach happened between March 22 and 23, 2019, resulted in the hacker gaining access to personal information related to credit card applications from 2005 to early 2019 for consumers, applicants and small businesses.

Capital One detected the breach on July 19.

Data breached included names, addresses, dates of birth, credit scores, transaction data, Social Security numbers and linked bank account numbers. 

Last week, 33-year-old software engineer Paige A. Thompson was charged with stealing data from millions of credit card applications from the banking giant.

“Erratic”

The former Amazon software engineer — who went by the online handle “Erratic” — was arrested by the FBI.

She allegedly obtained about 140,000 Social Security numbers and 80,000 bank account numbers — though there is no evidence the material was sold or distributed to others.

Thompson, who allegedly pulled off one of the largest-ever bank-data heists ever, appeared to have exploited a vulnerability in the cloud that security experts have warned about for years.

It’s thought she was able to find an opening in Capital One’s systems and exploit a weakness in some misconfigured networks, 

She is due in court on August 15 for a detention hearing.