EdTech Company Pearson & SK Telecom Face Hacks As Meta Beats Spyware Firm NSO

It’s true that cybersecurity companies are consistently upgrading their offerings to keep businesses and governments protected, but it’s also true that cybercriminals are relentlessly pursuing vulnerabilities in such systems and looking for other cracks to exploit.

Every now and then, we hear about another company that’s faced a cyberattack, either through malware, ransomware, phishing scams, browser or network flaws, or data breaches that result in leaks.

Recently, we covered the misfortunes of Marks & Spencer that shut down numerous stores and online shopping operations—one that’s still causing mayhem within the U.K.-based retailer’s systems. In this incident’s latest update, members of the DragonForce ransomware group claimed responsibility for the attack.

In another instance, education technology (EdTech) company PowerSchool saw a negotiation with hackers backfire. The company was reported to have paid a ransomware group to delete stolen data, but instead the hackers took the money and began going after PowerSchool’s customers, including individual school districts in Toronto and North Carolina.

It seems even hackers can’t be trusted nowadays, huh?

Keeping to the same industry, education firm Pearson was hit by a cyberattack in which a bad actor “downloaded largely legacy data,” as per a company release addressing the incident.

It’s believed that the attackers made away with corporate data and customer information. However, the company confirmed that no employee data was compromised and didn’t impact its business operations.

“Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts,” said Pearson. “We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication. We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate.”

U.K.-based Pearson is one of the world’s largest providers of academic materials, both digital and physical, and has partnerships with schools, universities, and other educational institutions in over 70 countries.

In January 2025, Pearson's developer environment was hit by threat actors via an exposed GitLab token in a public .git/config file, enabling access to source code with hard-coded credentials.

The bad actors stole terabytes of data, which included customer information and financials, from Pearson's internal network and cloud platforms like AWS and Salesforce. As a result, Pearson began investigating a breach at its subsidiary PDRI, which is believed to be related to this attack.

When asked if the company paid a ransom, data details, customer notifications, and other details about the attack, the company declined to comment.


On the other side of the world, South Korea’s telco giant SK Telecom (SKT) faced an attack that saw the personal data of around 23 million customers being stolen.

Fun fact: South Korea’s population is 52 million, meaning the attack hit almost 50% of the country’s residents.

As per the company’s CEO, Young-sang Ryu, the company has already lost 250,000 users to competitors, and the number is expected to grow to 2.5 million. Additionally, SKT could face losses of up to $5 billion (around ₩7 trillion) over three years if it doesn’t charge cancellation fees for people switching before their contracts expire.

“SK Telecom considers this incident the most severe security breach in the company’s history and is putting forth our utmost effort to minimize any damage to our customers,” an SKT spokesperson told TechCrunch. “The number of customers affected and the entity responsible for the hacking is under investigation.” 

SKT detected suspicious activity on April 18, 2019, identified a data breach a day later, and informed Korea’s cybersecurity agency the following day. By April 28, SKT began replacing mobile SIM cards of the affected users, and by April 30, the South Korean police began investigating.

May 1 saw the mention of Ivanti VPN equipment linking the recent data breach to China-backed hackers, and companies being told to replace the service. According to TeamT5, the vulnerability could impact numerous global organizations, affecting twenty industries, spanning automotive, chemical, financial, legal, media, telecom, and others, across 12 countries, including the United States, Australia, and more.

A team of public and private investigators found eight more types of malware in SKT’s systems by May 6, and on the following day, Tae-won Chey, the chairman of SK Group, publicly apologized for the first time.


Cybercrime has risen so much that even ransomware groups are not safe.

LockBit, a cybercriminal group whose ransomware-as-a-service earned it the title “Walmart of ransomware groups,” suffered a breach of its own, resulting in some connected dark web sites going offline.

Could that be called a win for the good guys, or is it debatable?

In a more concrete win—courtesy of Californian courts—Meta won a $168 million verdict against the Israel-based surveillance company NSO Group AKA Q Cyber Technologies, which is known for its flagship spyware Pegasus.

While the verdict follows a December ruling that declared NSO had illegally exploited a bug in Meta’s WhatsApp to plant spyware on users’ phones, the new order determined NSO had to pay Meta $444,719 in compensatory damages and $167.3 million in punitive damages.

This legal battle began six years ago, when Meta’s engineers detected and stopped an attack by NSO, which was using its spyware tool Pegasus to target over a thousand WhatsApp users, such as human rights activists, journalists, diplomats, and others in civil society.

“This trial put spyware executives on the stand and exposed exactly how their surveillance-for-hire system–shrouded in so much secrecy–operates,” reads Meta’s statement. “This trial also revealed that WhatsApp was far from NSO’s only target. While we stopped the attack vector that exploited our calling system in 2019, Pegasus has had many other spyware installation methods to exploit other companies’ technologies to manipulate people’s devices into downloading malicious code and compromising their phones.”

Through the trial, NSO was forced to admit that it spends tens of millions of dollars annually to develop malware installation methods, and can hit devices even today.

forced to admit that it spends tens of millions of dollars annually to develop malware installation methods, including through instant messaging, browsers, and operating systems, and that its spyware is capable of compromising iOS or Android devices to this day. 

NSO said it would examine the verdict’s details and pursue further legal action, including an appeal.


It seems even cybercrime has morally grey areas.

What do you think cybersecurity companies can do to enhance protection for businesses, governments, and individuals?

Let us know in the comments below!