Pearson is facing a class action lawsuit in the US after 13,000 of its school and university student accounts were accessed by hackers.
A court filing claims one million students were affected by the data breach and the company did not have adequate safeguards in place.
It also accuses Pearson of not spotting the November 2018 breach for around four months, before the FBI informed it in March this year.
The filing, on behalf of an Illinois woman and her daughter, goes on: ““Even then, Pearson concealed its knowledge of the breach from students and their guardians until July 2019 when Pearson Clinical finally notified impacted schools and released a public statement.
“In disclosing the Data Breach, Defendants concealed the true extent of the breach to minimise the impact on their reputations.”
The cyber-attack hit students with AIMSweb 1.0 accounts, a system that keeps track of pupils’ academic progress through assessment.
Pearson said it could not comment on the court case, but pointed to its previous statement on the issue. It said: “Pearson Clinical Assessments notified affected customers of unauthorized access to approximately 13,000 school and university AIMSweb 1.0 accounts. The exposed data was isolated to first name, last name, and in some instances may include date of birth and/or email address. Protecting our customers’ information is of critical importance to us. We have strict data protections in place and have reviewed this incident, found and fixed the vulnerability.
"While we have no evidence that this information has been misused, we have notified the affected customers as a precaution. We apologize to those affected and are offering complimentary credit monitoring services as a precautionary measure."