Data breach at biz that manages Cisco, F5 certs plus many others
Pearson VUE says credentials manager product affected
Technology certification management provider Pearson VUE has copped to a computer security breach after malware compromised its Credential Manager System.
The Pearson Credential Manager (PCM) system supports a number of companies' certification tracking programmes, including network hardware outfits Cisco and F5. Pearson VUE stated that an "unauthorised third party improperly accessed certain information related to a limited set of our users."
El Reg reader Oliver Jones, who tipped us off about the breach, had been trying to follow a certification with Cisco's tracking system, which is supported by Pearson VUE, and then found it had been down for more than a week.
Since at least 14 November, Cisco's tracking system had claimed it was down for "site maintenance". On Saturday, however, Cisco copped to the Pearson VUE incident and stated its tracking system "will remain down until further notice".
Cisco added that "at this time, we believe that the compromised information, as it relates to individuals who have taken exams for and hold Cisco certifications, is limited to: name, mailing address, email address and phone number".
The Borg suggested it wasn't the worst hit, however, "so, while you may see reports of additional types of personal information being potentially compromised on the PCM platform, we have been informed that this is not the case with respect to the Cisco certification user profiles".
Pearson VUE has stated there was "no indication that any other systems [than the PCM system] have been affected" and suggested other customers need not worry.
While the company doesn't believe US Social Security numbers were spaffed – nor "full" payment card information – it acknowledged that the PCM system is "custom designed to fit specific customer requirements," and so attempts to "understand how this issue may have affected each of our customers" are continuing.
"It is important to note that not all system users provided all of the affected data elements," according to Pearson.
The Register has attempted to contact Pearson VUE for comment, and was forwarded through to the press office by reception in its London office. There has been no answer so far. ®
Editor's note: This story was revised after publication to clarify the companies involved. Microsoft, although a partner of Pearson, says it is not affected by the security breach. "Microsoft does not utilize Pearson VUE's PCM system. We manage our own certification program and candidate data. This data breach does not affect any Microsoft Certified Professional," a Redmond exec told us.
Sponsored: Becoming a Pragmatic Security Leader