On August 16, 2021, the Securities and Exchange Commission imposed a cease-and-desist order and a $1 million civil penalty on Pearson plc, finding violations of the negligence-based antifraud provisions of the Securities Act.
The Commission’s order finds that Pearson made misleading statements and omissions about a 2018 data breach involving the theft of student data and administrator log-in credentials of 13,000 school, district and university customer accounts. The order notes that while Pearson’s periodic filings with the Commission contained risk-factor disclosure identifying that “malicious attack[s] on our systems” could result in a “‘major data privacy or confidentiality breach,’” the company re-issued that risk-disclosure language without disclosing that precisely such a major breach had occurred just a few months earlier. The SEC also found that Pearson’s response to media inquiries concerning the breach was materially misleading, because its press statement downplayed the scale and seriousness of the breach and implied that certain types of personal data may have been obtained, when Pearson knew that such data had, in fact, been stolen.
The Commission also concluded that Pearson failed to maintain disclosure controls and procedures properly designed to analyze and assess cybersecurity incidents such that management was able to make appropriate and accurate disclosure decisions.
This Commission’s order follows its June 15, 2021 order involving First American Financial we discussed here and underscores the Commission’s focus on cybersecurity disclosures, particularly when a material cyber breach is involved.
KMK Law articles and blog posts are intended to bring attention to developments in the law and are not intended as legal advice for any particular client or any particular situation. The laws/regulations and interpretations thereof are evolving and subject to change. Although we will attempt to update articles/blog posts for material changes, the article/post may not reflect changes in laws/regulations or guidance issued after the date the article/post was published. Please consult with counsel of your choice regarding any specific questions you may have.
ADVERTISING MATERIAL.
© 2025 Keating Muething & Klekamp PLL. All Rights Reserved
PartnerMark Reuter advocates for business clients in transactions, proceedings and conflicts regulated by federal and state securities laws and stock exchange rules. A partner in the firm’s Business Representation & Transactions ...
PartnerAs a partner in the firm’s Business Representation & Transactions Group, Allie Westfall’s insight and proven analytical skills help translate the complexities of the often-challenging securities laws. Allie’s counsel ...
PartnerChris Brinkman practices in the firm's Business Representation & Transactions Group with a concentration in venture capital transactions, start-ups & growth companies, securities, and mergers and acquisitions.
Chris ...
AssociateMichael Goldman counsels businesses and investors on a broad range of general corporate transactions, with a particular focus on the sports and entertainment industry, complex commercial contracts involving unique economic ...
Subscribe
RSS Feed
Follow us on Facebook
Follow us on Twitter
Follow us on LinkedInTopics/Tags
Select- SEC
- Securities Law
- Clawback Rules
- Cybersecurity and Privacy Law
- Corporate Transparency Act
- Securities Regulation
- Nasdaq
- Corporate Law
- IRS
- EDGAR
- EDGAR Next
- Cybersecurity Regulation
- Coronavirus
- Tax Planning
- SEC Enforcement
- Taxation
- Dodd-Frank
- Mergers & Acquisitions
- Paycheck Protection Program
- JOBS Act
- Corporate Tax
- Corporate Governance
- FAST Act
- Economic Sanctions
- Ohio LLC Act
- Consumer Protection Act
- Proxy Access Rules
- Securities Litigation
- Crowdfunding
- Conflict Minerals
- Cryptocurrency
- Hedging
- Real Estate Law
- Emerging Growth Companies
- Investors
- Pay Ratio Disclosure
- Whistleblower
- Private Offerings
- Intellectual Property
- Technology
- Opportunity Zone
- LIBOR
- Executive Compensation
- Health Care Act
- Accredited Investors
- Sales Tax
- United States Supreme Court
- Online Trading Platforms
- Wall Street Reform
- IPO
- Registration Statement
- Annual Reports
- Ohio Foreclosure Reform
- Director Compensation
- Family-Controlled Entities
- Gift and Estate Transfers
- Board of Directors
- Director Independence
- Cyber Insurance
- Data Breach
- Lenders
- Receivership Statute
- Regulation A
- Regulation D
- Total Shareholder Return
- Compensation Committee Certification
- Government Shutdown
- CDEs
- CDFI Fund
- Community Development Entities
- Community Development Financial Institutions Fund
- New Markets Tax Credit
- NMTC
- NMTC Financing
- Regulation Fair Disclosure
- Social Media
- Marketing
- Benefits
- Healthcare Reform
- Litigation
- Public Company Transition Rules
- Employment Incentives
- HIRE Act
- Social Security Tax
- Tax Credit
Recent Posts
- Checking the Box(es): SEC Issues New Guidance Clarifying Clawback Expectations
- Pay vs. Performance and Cybersecurity Disclosure Rules: Will the SEC Retract Rulemaking?
- Corporate Transparency Act Update: FinCEN Eliminates Reporting Obligations for U.S. Companies and U.S. Persons
- Corporate Transparency Act Update: FinCEN Will Not Enforce the CTA Until Interim Rule is Effective
- Corporate Transparency Act Update: Injunction Lifted - Corporate Transparency Act Back in Effect
- Corporate Transparency Act Update: FinCEN Says Reporting Obligations Remain On Hold
- Next Up in 2025: EDGAR Next
- Corporate Transparency Act Update: Supreme Court Stays Nationwide Injunction – CTA Reporting Obligations Back in Effect
- Corporate Transparency Act Updates: Fifth Circuit Vacates the Stay and Preliminary Injunction Reinstated
- Corporate Transparency Act Reporting Deadline Back in Effect; FinCEN Grants Deadline Extension