A data breach at Pearson VUE, the certification manager for Cisco, Oracle and IBM compromised the company's Credential Manager System and allowed unauthorised third-party access to data of “a limited set” of its users, Pearson VUE said in a statement Saturday USA time.
“We do not believe that US Social Security numbers or full payment card information were affected by this issue,” the company said, adding that “because the Credential Manager System is custom designed to fit specific customer requirements, we are working to understand how this issue may have affected each of our customers”.
A third party infected the system, which is used by adult learners in pursuit of professional certifications and licenses, with malware and was able to access “certain information”.
The company took the system offline and is working with law enforcement as well as third-party security forensics teams to get to the bottom of the breach.
“We are still assessing the scope of the specific data elements involved,” the statement said. In the mean time, Pearson VUE has set up toll-free help lines and have contacted the customers affected.
No other systems seemed to have been affected by the intrusion, Pearson VUE said, reasserting that customer privacy remains a “top priority.”
This article originally appeared at scmagazineus.com