A certification tracking system (Credential Manager System) used by companies like Cisco, F5, IBM and Oracle has faced a data breach and sensitive data might have been accessed by the hackers.
An announcement made by Pearson VUE (Computer-Based Test (CBT) development and delivery) said a malware was placed on the server of the tracking system which allowed hackers to access sensitive data stored on the system.
The tracking system was used to issue official and diploma certifications to the professionals of various types.
Pearson VUE also clarified that Credential Manager System was the only thing that was exposed in this incident. A spokesperson from Pearson VUE said:
“Because the Credential Manager System is custom designed to fit specific customer requirements, we are working to understand how this issue may have affected each of our customers.”
Initial checks have revealed there is no Credit card or Social Security numbers leaked and it seems the hacking attempt was made to carry out fraudulent transactions.
Tracking system’s servers have been taken offline and will not be restarted until Pearson get them malware and vulnerability free.
Thanks for your continued patience. We apologize that the Credential Manager system is down and are working hard to resolve the issue.
— Pearson VUE (@PearsonVUE) November 21, 2015
Latest tweet shows the PCM is back online:
PCM is back online for most programs! Check the Pearson VUE Facebook page for details. Thank you for your patience during the past week!
— Pearson VUE (@PearsonVUE) November 25, 2015
The Softpedia reports that initially Microsoft’s name was included in the companies affected by the attack, however, Microsoft said that the actual certifications are handled by Microsoft separately and not affected by the data breach.