SEC continues focus on cybersecurity with enforcement action against London-based publisher
20 August 2021
Continuing a recent trend of using disclosure rules to police cybersecurity, on August 16, 2021 the Securities and Exchange Commission ("SEC") announced a settlement with London-based publisher Pearson PLC for a 2018 cybersecurity breach that affected the personal data of millions of students. Pearson agreed to a USD 1,000,000 fine along with an order to cease and desist from committing or causing future violations. As with another cybersecurity-related enforcement action from June, the SEC charges against Pearson were not based on inadequate cybersecurity; rather, the SEC charged Pearson for making material misstatements and omissions regarding the incident. The penalty is a reminder that companies subject to SEC oversight (including foreign issuers) must take care to ensure their public disclosures are both accurate and precise.