On August 16, 2021, the SEC charged Pearson plc with misleading investors and failing to maintain adequate disclosure controls and procedures in connection with a cybersecurity incident. According to the SEC’s order, Pearson learned in March 2019 about an intrusion involving the exfiltration of millions of rows of student data, including names and some birthdates and email addresses, as well as usernames and hashed passwords for school personnel.