The Channel logo

News

By | Alexander J Martin 23rd November 2015 11:53

Data breach at biz that manages Cisco, F5 certs plus many others

Pearson VUE says credentials manager product affected

Technology certification management provider Pearson VUE has copped to a computer security breach after malware compromised its Credential Manager System.

The Pearson Credential Manager (PCM) system supports a number of companies' certification tracking programmes, including network hardware outfits Cisco and F5. Pearson VUE stated that an "unauthorised third party improperly accessed certain information related to a limited set of our users."

El Reg reader Oliver Jones, who tipped us off about the breach, had been trying to follow a certification with Cisco's tracking system, which is supported by Pearson VUE, and then found it had been down for more than a week.

Since at least 14 November, Cisco's tracking system had claimed it was down for "site maintenance". On Saturday, however, Cisco copped to the Pearson VUE incident and stated its tracking system "will remain down until further notice".

Cisco added that "at this time, we believe that the compromised information, as it relates to individuals who have taken exams for and hold Cisco certifications, is limited to: name, mailing address, email address and phone number".

The Borg suggested it wasn't the worst hit, however, "so, while you may see reports of additional types of personal information being  potentially compromised on the PCM platform, we have been informed that this is not the case with respect to the Cisco certification user profiles".

Pearson VUE has stated there was "no indication that any other systems [than the PCM system] have been affected" and suggested other customers need not worry.

While the company doesn't believe US Social Security numbers were spaffed – nor "full" payment card information – it acknowledged that the PCM system is "custom designed to fit specific customer requirements," and so attempts to "understand how this issue may have affected each of our customers" are continuing.

"It is important to note that not all system users provided all of the affected data elements," according to Pearson.

The Register has attempted to contact Pearson VUE for comment, and was forwarded through to the press office by reception in its London office. There has been no answer so far. ®

Editor's note: This story was revised after publication to clarify the companies involved. Microsoft, although a partner of Pearson, says it is not affected by the security breach. "Microsoft does not utilize Pearson VUE's PCM system. We manage our own certification program and candidate data. This data breach does not affect any Microsoft Certified Professional," a Redmond exec told us.

comment icon Read 13 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

Locker room jocks photo via Shutterstock
Best locker-room strategy: Avoid emulating AWS directly
STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock