Education giant Pearson suffered a cyberattack that allowed threat actors to steal corporate data and customer information, according to BleepingComputer.
Pearson is a UK-based education company and one of the world’s largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in more than 70 countries through its print and online services.
In a statement to BleepingComputer, Pearson confirmed that it suffered a cyberattack and that data was stolen, but said it was mostly “legacy data”.
“We recently discovered that an unauthorized actor had access to a part of our system,” a Pearson representative confirmed to BleepingComputer.
“Once we identified the activity, we took steps to stop it and investigated what happened and what data was affected with forensic experts. We also supported law enforcement’s investigation. We have taken steps to deploy additional security measures on our system, including increasing security monitoring and authentication.”
“We are continuing the investigation, but at this time we believe that the actor has downloaded large-scale legacy data. We will share additional information directly with customers and partners.”
Pearson also confirmed that the stolen data did not include employee information.
An exposed GitLab token
The statement came after sources told BleepingComputer that threat actors compromised Pearson’s developer environment in January 2025 through an exposed GitLab Personal Access Token (PAT) found in a public .git/config file.
A .git/config file is a local configuration file used by Git projects to store configuration settings, such as project names, email addresses, and other information. If this file is accidentally exposed and has an access token embedded in a remote URL, it can give attackers unauthorized access to internal repositories.
In the attack on Pearson, the exposed token allowed the threat actors to reach the company’s source code, which contained further hard-coded credentials and authentication tokens for cloud platforms.
Over the following months, the threat actor allegedly used these credentials to steal terabytes of data from the company’s internal network and cloud infrastructure, including AWS, Google Cloud, and various cloud-based database services such as Snowflake and Salesforce CRM.
The stolen data allegedly includes customer information, financials, support tickets, and source code, with millions of people affected.
However, when BleepingComputer asked Pearson whether it had paid a ransom, what it meant by “legacy data”, how many customers were affected, and whether customers would be informed, the company replied that it would not comment on these questions.
Pearson disclosed earlier in January that it was investigating a breach of one of its subsidiaries, PDRI, which is believed to be related to this attack.
Scanning for Git configuration files and exposed credentials has become a common method for threat actors to breach cloud services.
Last year, the Internet Archive was breached after threat actors discovered an exposed Git configuration file containing an authentication token for the company’s GitLab repository.
For this reason, it is important to secure “.git/config” files by blocking public access to them and to avoid embedding credentials in remote URLs.
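As an added illustration (not part of the original article), the following audit check parses the text of a .git/config file and reports remote URLs that carry credentials in the userinfo part, redacting the secret in its output. The sample config, host names, and token strings are constructed placeholders, and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit

SECTION = re.compile(r'^\s*\[\s*([\w.-]+)(?:\s+"([^"]*)")?\s*\]')
KEYVAL = re.compile(r'^\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$')

# Constructed sample; the tokens are placeholders, not real secrets.
SAMPLE = '''\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://oauth2:glpat-CONSTRUCTED-PLACEHOLDER@gitlab.example.com/team/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@gitlab.example.com:team/app.git
[remote "ci"]
\tpushurl = https://ci-token-placeholder@gitlab.example.com/team/app.git
'''

def find_embedded_credentials(config_text):
    """Return redacted findings for remote URLs that carry secrets in userinfo."""
    findings, section = [], (None, None)
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # comment line
        head = SECTION.match(line)
        if head:
            section = (head.group(1).lower(), head.group(2))
            continue
        kv = KEYVAL.match(line)
        if not kv or section[0] != "remote" or kv.group(1).lower() not in ("url", "pushurl"):
            continue
        try:
            parts = urlsplit(kv.group(2).strip('"'))
        except ValueError:
            continue  # malformed URL, nothing to evaluate
        if parts.password is not None:
            kind, shown = "password", f"{parts.username}:***"
        elif parts.username and parts.scheme in ("http", "https"):
            kind, shown = "username-only", "***"  # bare token used as the username
        else:
            continue  # e.g. git@host:path or ssh://git@host/, no secret in the URL
        host = parts.netloc.rsplit("@", 1)[1]
        findings.append({"line": lineno, "remote": section[1], "kind": kind,
                         "redacted": f"{parts.scheme}://{shown}@{host}{parts.path}"})
    return findings

if __name__ == "__main__":
    for f in find_embedded_credentials(SAMPLE):
        print(f'line {f["line"]} remote "{f["remote"]}" ({f["kind"]}): {f["redacted"]}')
```

Any token this check finds should be revoked and reissued, since removing it from the file does not invalidate copies already obtained.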