Security

Pearson VUE's Credential Management System Has Been Compromised

infosec

Pearson VUE, who manages the certification programs for a large number of IT vendors like Cisco and EMC, has announced that their credential system has been the successful target of an attack. The attackers were able to compromise and access information related to a subset of users.

The company says that the hack is limited and does not impact the integrity of the testing system, K-12 assessment testing, or other systems. The company is still assessing the scope of the damage, but they do not believe that vital information such as Social Security or credit card payment information was compromised; Pearson VUE is working with law enforcement and forensic experts to assess the damage.

While the investigation progresses, access to the credential system is offline.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

Various sources have reported that many of the credential management systems that Pearson VUE manages have been offline for the last few days, with the company finally making an announcement on Monday.

In a blog post, Cisco (who uses the PCM platform to track members of the CCNA, CCNP and CCIE programs) explains they believe that the leakage is limited to the holders name, mailing address, email address and phone number.

“While you may see reports of additional types of personal information being  potentially compromised on the PCM platform, we have been informed that this is  not the case with respect to the Cisco certification user profiles,” said Chris Jacobs, the director of Cisco’s certifications program.

Testing for vendor programs, like Cisco, that are impacted will continue while access to the tracking system is down. Pearson VUE has not given any timeline for when access to the tracking system will be available again; the company is offering identity protection to affected candidates for one-year at no cost.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: