On August 16, 2021, the Securities and Exchange Commission imposed a cease-and-desist order and a $1 million civil penalty on Pearson plc, finding violations of the negligence-based antifraud provisions of the Securities Act.
The Commission’s order finds that Pearson made misleading statements and omissions about a 2018 data breach involving the theft of student data and administrator log-in credentials of 13,000 school, district and university customer accounts. The order notes that while Pearson’s periodic filings with the Commission contained risk-factor disclosure identifying that “malicious attack[s] on our systems” could result in a “‘major data privacy or confidentiality breach,’” the company re-issued that risk-disclosure language without disclosing that precisely such a major breach had occurred just a few months earlier. The SEC also found that Pearson’s response to media inquiries concerning the breach was materially misleading, because its press statement downplayed the scale and seriousness of the breach and implied that certain types of personal data may have been obtained, when Pearson knew that such data had, in fact, been stolen.
The Commission also concluded that Pearson failed to maintain disclosure controls and procedures properly designed to analyze and assess cybersecurity incidents such that management was able to make appropriate and accurate disclosure decisions.
This Commission’s order follows its June 15, 2021 order involving First American Financial we discussed here and underscores the Commission’s focus on cybersecurity disclosures, particularly when a material cyber breach is involved.
KMK Law articles and blog posts are intended to bring attention to developments in the law and are not intended as legal advice for any particular client or any particular situation. The laws/regulations and interpretations thereof are evolving and subject to change. Although we will attempt to update articles/blog posts for material changes, the article/post may not reflect changes in laws/regulations or guidance issued after the date the article/post was published. Please consult with counsel of your choice regarding any specific questions you may have.
ADVERTISING MATERIAL.
© 2023 Keating Muething & Klekamp PLL. All Rights Reserved
- Partner
Jim Kennedy practices in the Business Representation & Transactions Group. The focus of his practice is corporate, securities, and financing law, where he has extensive experience in mergers, acquisitions and ...
- Partner
Mark Reuter advocates for business clients in transactions, proceedings and conflicts regulated by federal and state securities laws and stock exchange rules. A partner in the firm’s Business Representation & Transaction ...
- Partner
As a partner in the firm’s Business Representation & Transactions Group, Allie Westfall’s insight and proven analytical skills help translate the complexities of the often-challenging securities laws. Allie’s counsel ...
- Partner
Chris Brinkman practices in the firm's Business Representation & Transactions Group with a concentration in venture capital transactions, start-ups & growth companies, securities, and mergers and acquisitions.
Chris ...
- Associate
Michael Goldman counsels businesses and investors on a broad range of general corporate transactions, with a particular focus on the sports and entertainment industry and commercial transactions involving technology ...
Topics/Tags
Select- Securities Law
- Securities Regulation
- SEC
- Corporate Transparency Act
- Corporate Law
- Clawback Rules
- Nasdaq
- SEC Enforcement
- Coronavirus
- Cybersecurity and Privacy Law
- Mergers & Acquisitions
- Dodd-Frank
- Tax Planning
- IRS
- Economic Sanctions
- Paycheck Protection Program
- Ohio LLC Act
- Corporate Tax
- JOBS Act
- FAST Act
- Corporate Governance
- Proxy Access Rules
- Securities Litigation
- Consumer Protection Act
- Cybersecurity Regulation
- Crowdfunding
- Cryptocurrency
- Hedging
- Conflict Minerals
- Real Estate Law
- Emerging Growth Companies
- Investors
- Taxation
- Pay Ratio Disclosure
- Private Offerings
- Whistleblower
- Intellectual Property
- Technology
- LIBOR
- Opportunity Zone
- Accredited Investors
- Sales Tax
- United States Supreme Court
- Executive Compensation
- Health Care Act
- Online Trading Platforms
- IPO
- Registration Statement
- Wall Street Reform
- Annual Reports
- Ohio Foreclosure Reform
- Director Compensation
- Family-Controlled Entities
- Gift and Estate Transfers
- Board of Directors
- Director Independence
- Cyber Insurance
- Data Breach
- Regulation A
- Regulation D
- Total Shareholder Return
- Lenders
- Receivership Statute
- Compensation Committee Certification
- CDEs
- CDFI Fund
- Community Development Entities
- Community Development Financial Institutions Fund
- Government Shutdown
- New Markets Tax Credit
- NMTC
- NMTC Financing
- Regulation Fair Disclosure
- Social Media
- Benefits
- Healthcare Reform
- Litigation
- Marketing
- Public Company Transition Rules
- Employment Incentives
- HIRE Act
- Social Security Tax
- Tax Credit
Recent Posts
- FinCEN Extends the Corporate Transparency Act Reporting Deadline for Newly Created Entities
- SEC Postpones Share Repurchase Modernization Disclosure Rules
- Effective Date of SEC Clawback Rule Finally In Sight
- SEC Sued Over Newly Adopted Share Repurchase Rules
- SEC Extends Period to Act on Exchange Clawback Rules
- SEC Charges Public Company for Misleading Non-GAAP Disclosures
- NYSE and Nasdaq Propose Clawback Listing Standards: What You Need to Know
- Corporate Transparency Act Update – FinCEN Issues Notice of Proposed Rulemaking
- SEC Amends Insider Trading Rules: New Conditions, Requirements, and Related Disclosures
- SEC Reopens Comment Period for 11 Proposed Rules Due to Technological Error