A data breach at Pearson VUE, the certification manager for Cisco, Oracle and IBM compromised the company's Credential Manager System and allowed unauthorized third-party access to data of “a limited set” of its users, Pearson VUE said in a Saturday statement.
“We do not believe that U.S. Social Security numbers or full payment card information were affected by this issue,” the company said, adding that “because the Credential Manager System is custom designed to fit specific customer requirements, we are working to understand how this issue may have affected each of our customers.”
A third party infected the system, which is used by adult learners in pursuit of professional certifications and licenses, with malware and was able to access “certain information.”
The company took the system offline and is working with law enforcement as well as third-party security forensics teams to get to the bottom of the breach. “We are still assessing the scope of the specific data elements involved,” the statement said. In the mean time, Pearson VUE has set up toll-free help lines and have contacted the customers affected.
No other systems seemed to have been affected by the intrusion, Pearson VUE said, reasserting that customer privacy remains a “top priority.”
CORRECTION: Microsoft has been removed from this story. According to a company spokeswoman, Microsoft manages its own certification program as well as candidate data. The Microsoft Certified Professional was not "in any way" affected by the Pearson VUE breach.