Pearson VUE’s Credential Management System Has Been Compromised
Pearson VUE, who manages the certification programs for a large number of IT vendors like Cisco and EMC, has announced that their credential system has been the successful target of an attack. The attackers were able to compromise and access information related to a subset of users.
The company says that the hack is limited and does not impact the integrity of the testing system, K-12 assessment testing, or other systems. The company is still assessing the scope of the damage, but they do not believe that vital information such as Social Security or credit card payment information was compromised; Pearson VUE is working with law enforcement and forensic experts to assess the damage.
While the investigation progresses, access to the credential system is offline.
Various sources have reported that many of the credential management systems that Pearson VUE manages have been offline for the last few days, with the company finally making an announcement on Monday.
In a blog post, Cisco (who uses the PCM platform to track members of the CCNA, CCNP and CCIE programs) explains they believe that the leakage is limited to the holders name, mailing address, email address and phone number.
“While you may see reports of additional types of personal information being potentially compromised on the PCM platform, we have been informed that this is not the case with respect to the Cisco certification user profiles,” said Chris Jacobs, the director of Cisco’s certifications program.
Testing for vendor programs, like Cisco, that are impacted will continue while access to the tracking system is down. Pearson VUE has not given any timeline for when access to the tracking system will be available again; the company is offering identity protection to affected candidates for one-year at no cost.
More in Security
Petri Dish: Cybersecurity vs IT Security with Devolutions
Sep 28, 2022 | Russell Smith
Stop MFA Fatigue with Additional Context and Number Matching for Microsoft Authenticator
Sep 22, 2022 | Rabia Noureen
Researchers Warn About New Shikitega Malware Targeting Linux Endpoints and IoT Devices
Sep 12, 2022 | Rabia Noureen
LastPass Confirms Internal Source Code Compromised in Security Breach
Aug 26, 2022 | Rabia Noureen
Avast Gets New Ransomware Shield to Protect Small Businesses
Aug 24, 2022 | Rabia Noureen
Mandiant Warns Hackers Now Use New Trick to Bypass MFA
Aug 22, 2022 | Rabia Noureen
Most popular on petri