Pearson VUE has disclosed that intruders infected its certification credential manager system with malware. The system supports certification tracking programs for Cisco, F5 and other technology companies.
In the wake of the security breach, Pearson VUE has taken the system offline as works with law enforcement to investigate the incident. The system appears to have been down for at least a week. Cisco said its certification tracking system is down, but that testing for Cisco certifications is unaffected and continues.
In a blog post Monday, Chris Jacobs, director of certifications and lab delivery technical services at Cisco, described the Pearson Credential Manager System (PCM) as "an important part of Cisco's certification ecosystem" that enables users to manage and track their CCIE, CCNA, CCNP and other Cisco certifications.
"An unauthorized party may have accessed limited personal information from PCM, though we believe the impact to Cisco users does not include as many data fields as the broader user audience," he wrote. "At this time, we believe that the compromised information, as it relates to individuals who have taken exams for and hold Cisco certifications, is limited to: name, mailing address, email address and phone number."
Pearson VUE said the breach appears to be isolated to its credential manager system; testing systems were unaffected. The company said it was assessing the scope of the data compromised.
"As of now, we do not believe that U.S. Social Security numbers or full payment card information were compromised as a result of this issue. Because the Credential Manager System is custom designed to fit specific customer requirements, we are working to understand how this issue may have affected each of our customers," Pearson VUE said.
Well-known networking blogger Greg Ferro minced no words in the wake of the breach.
"Cisco needs to choose better business partners. Pearson VUE has dominated the technical certification market by buying out all of its competitors, not because it offers a quality service or marketing leading products," he wrote in a blog post Tuesday. "This breach was entirely predictable and expected when you see the technology that they use for testing. It's a joke."
Jacobs said the Cisco certification tracking system will remain down until further notice.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
