Pearson VUE Credential manager system has been compromised

Pearson VUE, the world biggest learning, testing and certification company has announced that its Credential Manager system (PMC) has been breached.

On their website, Pearson VUE gives us some details of what might have happened, even though they don’t share who is the responsible for this breach.

“We recently were made aware that an unauthorized third party placed malware on Pearson VUE’s Credential Manager (PCM) system, which is a platform that supports adult professional certification and licenses. The unauthorized party improperly accessed certain information related to a limited set of Pearson VUE’s PCM system users. As of now, we do not believe that U.S. Social Security numbers or full payment card information were compromised as a result of this issue. “

Pearson VUE will keep PCM system offline for the necessary investigation.

“If your credentialing, certification or licensing organization has posted information about this or communicated with you about the issue directly, then it’s likely that you use this platform. It is important to note there is no indication at this time that the issue involved the Pearson VUE Testing System, the PearsonVUE.com website or any other Pearson/Pearson VUE systems. The issue is isolated to the PCM system. “the company added.

“Based on our investigation, there is no evidence at this time indicating that the VUE Testing System (VTS) or Exam Developer Software was affected by this issue.”

Since Pearson VUE is still trying to understand the scope of the data breach, they are not sure which data the attackers were able to get, but they think that no Social Security numbers or  payment card information were in the leaked data.

The Pearson Credential Manager (PCM) system supports a number several companies’ certification tracking programs, including Cisco and F5 who posted some notes about the incident as well.

“According to Pearson VUE, an unauthorized party may have improperly gained access to information related to users that could include: names, postal addresses, phone numbers, email addresses, user IDs and, in some cases, last four digits of credit card numbers and dates of birth”, “As a precaution, Pearson VUE has taken its Credential Manager System offline and has informed us that it will remain offline until this matter has been resolved. As a result, all F5 certification processes are on hold until Pearson VUE gets its Credential Manager System back on line—our apologies for this inconvenience.” reported F5.

Since at least 14 November, the Cisco’s tracking system was down for “site maintenance,” but on Saturday, the company announced the Pearson VUE breach and stated its tracking system “will remain down until further notice”.

 “PCM is an important part of Cisco’s certification ecosystem, as it enables individual users to manage and track their CCIE, CCNA, CCNP and other Cisco certifications directly through Pearson’s platform” said Cisco about the issue.

As I said before there is no certainty, about which data was leaked, but the news circulating on the Internet suggests that “just” name, mailing address, email address and phone number belonging to those who hold certifications were exposed.

Personally, that worries me, since I’m one the cases, as many of my colleagues in my field. The attackers may have many plans for this information, but one of them can be the mapping of all security/IT professionals.

We in Security Affairs will keep following this subject and will share with you if any news comes up.

About the Author Elsio Pinto

Pierluigi Paganini

(Security Affairs – Pearson VUE, data breach)