Data breaches happen more often than vendors would like to admit. One of the latest security breaches concerns a big management provider – Pearson VUE has suffered an intrusion followed by a malware attack on its Credential Manager System.
Learn more about Data Breaches and Incident Response
Pearson VUE’s Credential Manager System known as PCM supports enterprise certification tracking programs. The company serves a number of well-known clients such as Microsoft, Cisco, IBM and Oracle. The company has admitted that an ‘unauthorized third party improperly accessed certain information related to a limited set of our users’, as quoted by The Register.
Cisco is one the companies that has been compromised by the breach. By attempting to follow a certification via Cisco’s tracking system, it was disclosed that the system had been down for more than a week.
Cisco’s tracking system was most likely down at least since the 14th of November, the reason being ‘down for site maintenance’. However, few days later Cisco found out about the Pearson VUE data breach incident, saying that their tracking system will remain down until further notice.
Types of Leaked Information
According to Cisco, the compromised information consists of names, mailing addresses, email addresses and phone numbers of people who have taken exams for Cisco certifications. Because the PCM system is custom-designed to meet specific requirements of customers, it’s not yet known how the breach may have affected each customer. The investigation is ongoing.
For now, Cisco should be the only Pearson’s client that has been affected by the breach. It’s also not clear why the incident took place in the first place, and if it was a targeted one.