Pearson Vue Credential Management System

In case you have missed it, the Pearson Vue Credential Management System was breached and it appears some data may have been leaked.

Pearson Vue FAQ

Candidate FAQs about Pearson Credential Management (PCM) System

November 23, 2015

What happened to Credential Manager?
We recently were made aware that an unauthorized third party placed malware on Pearson VUE’s Credential Manager (PCM) system, which is a platform that supports adult professional certification and licenses. The unauthorized party improperly accessed certain information related to a limited set of Pearson VUE’s PCM system users. As of now, we do not believe that U.S. Social Security numbers or full payment card information were compromised as a result of this issue.

We are working to investigate this issue. For the time being, the Pearson VUE PCM system remains offline. We apologize for any inconvenience this may cause.

How do I know if my program uses Pearson VUE’s PCM system?
PCM is a credential management system used by a subset of Pearson VUE’s credentialing, certification and licensing customers. Many of these customers refer to the platform by a different name with their candidates/members. If your credentialing, certification or licensing organization has posted information about this or communicated with you about the issue directly, then it’s likely that you use this platform. It is important to note there is no indication at this time that the issue involved the Pearson VUE Testing System, thePearsonVUE.com website or any other Pearson/Pearson VUE systems. The issue is isolated to the PCM system.

Who is responsible for the malware attack?
We are working closely with security experts and law enforcement authorities to investigate the source and details of this issue.

What information may have been affected by this issue?
It appears that an unauthorized party improperly accessed certain limited information related to some PCM system users. As of now, we do not believe that U.S. Social Security numbers or full payment card information were compromised as a result of this issue. Because the Credential Manager System is custom designed to fit specific customer requirements, we are working to understand how this issue may have affected each of our customers. It is important to note that not all system users provided all of the affected data elements.

What is Pearson doing to help me in light of this incident?
While we do not believe that U.S. Social Security numbers or full payment card information were compromised as a result of this issue, for additional peace of mind, we have arranged with AllClear ID to offer identity protection services to potentially affected users for one year at no cost to them.  For more information about these services, users in the U.S. and Canada may call (855) 270-9182.  International users may call +1 (512) 201-2203 or email global@allclearid.com to schedule a call.  The hotline is currently directed to a voice response message, and will be staffed with live agents Monday through Saturday, from 8am to 8pm CST, beginning on or around Wednesday, November 25, 2015.

Should I expect communication from Pearson VUE regarding this incident?
We will provide additional information as appropriate as our investigation progresses.  Please note that Pearson will NOT proactively reach out to you to ask for sensitive information over email or telephone. We encourage you to be suspicious of such requests.

What should I do if I believe my information was affected?
As indicated above, while we do not believe that U.S. Social Security numbers or full payment card information were compromised as a result of this issue, we have arranged with AllClear ID to offer identity protection services to potentially affected users for one year at no cost to them.  In addition, under U.S. law you are entitled to one free credit report annually from each of the three national credit bureaus.  To order your free credit report, visit www.annualcreditreport.com or call toll free at 1-877-322-8228.  If you detect any unauthorized transactions in any of your financial accounts, promptly notify your payment card company or financial institution.

Who can I contact if I have additional questions?
For more information about this issue, users in the U.S. and Canada may call (855) 270-9182.  International users may call +1 (512) 201-2203 or email global@allclearid.com to schedule a call. The hotline is currently directed to a voice response message, and will be staffed with live agents Monday through Saturday, from 8am to 8pm CST, beginning on or around Wednesday, November 25, 2015.  We will provide additional information as appropriate as our investigation progresses

What is Pearson VUE?
Pearson VUE is a professional certification and licensing platform for professionals across many industries and is part of Pearson, the world’s leading learning company.

Why does Pearson VUE have my information?
Pearson VUE received your information in connection with a professional credential or license you tested or applied for previously.

I’m a Pearson VUE customer, but I do not use the PCM platform. Does this impact me?
Our analysis to date indicates that this issue is isolated to Pearson VUE’s Credential Manager (PCM) system. There is no indication that any other systems have been affected.

Was any testing information affected?
Based on our investigation, there is no evidence at this time indicating that the VUE Testing System (VTS) or Exam Developer Software was affected by this issue.

 

Cisco Systems’ Response

Cisco Systems actually provided more about the than Pearson Vue currently does. They have a blog post up, which is being updated: https://learningnetwork.cisco.com/bl…-data-exposure

Cisco BLUF: The certification tracking system is down (integral7.com, I believe). If you took an exam recently, your current certification status will still show the “pending” result given to you on the end of the day, and an actual confirmation could take some days/weeks etc., until the system is back online.

Cisco’s FAQ

FAQ: Certifications Tracking System Outage and Data Exposure

When will the Certification Tracking Tool be available again?
The Cisco Certifications Tracking System will  remain down until further notice while the investigation is underway.  However, as updates are available, information  will be updated in this blog post.

What data of mine was compromised?
At this time, we believe that the  compromised information, as it relates to individuals who have taken exams for  and hold Cisco certifications, is limited to: name, mailing address, email  address and phone number.

Why does the exposed information for Cisco users include fewer data  fields than the broader user audience?
When the Cisco exams are  taken at one of the Pearson VUE test centers, Cisco does not ask for Social  Security, Date of Birth, Credit Card numbers or Cisco.com id and password, so  that more sensitive information would not have been compromised.

What is Pearson doing about identity protection?
Users in the U.S. and Canada may call  (855) 270-9182. International users may call +011 (512) 201-2203 for more  information. Pearson is offering   identity protection to affected candidates for one-year at no cost. To  schedule an appointment email global@allclearid.com.  The Pearson hotline is currently directed to  a voice message. However, after Wednesday, November 25, 2015 the hotline will  be staffed  Monday through Saturday, from  8:00am to 8:00 pm CST.

How can I get access to my certification history, change my address,  get my certification PDF or plague  for my completed certification?
You can log a case with our  support team at www.cisco.com/go/certsupport.

Is Cisco Certification testing still available?
There is no indication that  any other systems, such as the actual testing tools, have been affected. Testing for Cisco Certifications is able to continue.

Leave a Reply

Your email address will not be published. Required fields are marked *