Cyber Incident Victim: Pearson VUE
Date:
Nov 2015
Location:
United States of America
Summary
A cybersecurity incident involving unauthorized access to Pearson VUE's Credential Manager System compromised limited user information, including names, mailing addresses, email addresses, and phone numbers for individuals associated with certification programs such as Cisco's. The malware-based breach affected the custom-designed platform supporting multiple clients, though the company stated no evidence indicated exposure of Social Security numbers or full payment card details, with impact varying based on specific customer configurations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In November 2015, Pearson VUE, a provider of certification management services for technology companies including Cisco and F5, disclosed a security breach involving unauthorized access to its Pearson Credential Manager (PCM) system. The incident came to light after Cisco’s certification tracking system, which relied on Pearson VUE’s PCM platform, displayed extended downtime starting no later than November 14, initially attributed to “site maintenance.” By November 21, Cisco confirmed the outage was linked to a breach at Pearson VUE and suspended its tracking system indefinitely. Pearson VUE stated the compromise stemmed from malware infiltrating the PCM system, which was specifically designed to meet individual client requirements for certification program management. The company emphasized no evidence suggested other systems beyond PCM were affected and indicated the intrusion impacted only a limited subset of users. Cisco clarified that, for its certification holders, the exposed data appeared confined to names, mailing addresses, email addresses, and phone numbers, though Pearson VUE acknowledged the scope might vary across other clients due to the platform’s customizable nature.
The breach investigation revealed no indication that U.S. Social Security numbers or complete payment card details were accessed, though Pearson VUE cautioned that not all users had provided identical data elements to the PCM system. While Cisco downplayed risks of additional personal information exposure specific to its users, Pearson VUE continued assessing potential variations in impact across its customer base. The company initiated efforts to determine how the malware intrusion affected each client’s unique implementation of the PCM platform. Public awareness of the incident grew partly due to reports from affected individuals, such as a Cisco certification candidate who observed the prolonged system unavailability and alerted media. Pearson VUE’s London office did not respond to immediate press inquiries following the disclosure. No further technical details about the malware’s entry vector, duration of unauthorized access, or total number of affected individuals were disclosed in the initial acknowledgment.