Educational Technology: When the Software Fails the Test

Context
Your company’s outdated educational software was hacked, exposing personal data of over 13,000 students. While no financial details were leaked, the breach affected names, birthdates, and emails—some dating back 15 years.
Dilemma
A) Publicly disclose the breach immediately, invest 20% of profits in a cybersecurity overhaul, and allow students to opt-out of data collection.
B) Quietly patch systems without public announcement, offer minimal credit monitoring, and blame "external actors" in press releases.
Summary
Pearson, a British educational publisher, suffered a data breach affecting over 13,000 students due to a vulnerability in its system. The FBI informed Pearson of the breach in March 2019, though it occurred in late 2018. The breach exposed names, birthdates, and emails but not Social Security or financial data. While Pearson addressed the vulnerability and shut down the system, it denied the closure was due to the breach. The company alerted affected individuals, apologized, and offered free credit monitoring, emphasizing its commitment to data protection despite no evidence of misuse.
Resources:
Last modified: | 06 June 2025 2.33 p.m. |