14 DAY TRIAL // Pearson VUE has announced a data breach of its Credential Manager System, a certification tracking program used by companies like Cisco, F5, IBM, Microsoft, and Oracle, to issue diplomas and official certification for various types of professionals.
According to the company's official statement, the data breach occurred via malware implanted on its servers by an unauthorized third-party. This malware has allowed the third-party to access sensitive data.
Pearson VUE says that only the Credential Manager System was affected by this particular incident.
"Because the Credential Manager System is custom designed to fit specific customer requirements, we are working to understand how this issue may have affected each of our customers," said a Pearson spokesperson.
While assessing the damage for each client may take some time, the company was quick to say that no sensitive information like credit card numbers and Social Security Numbers were leaked in the incident.
To prevent further intrusions, the company took the Credential Manager System offline and announced the proper authorities.
It is highly unlikely that any details about current certifications may have been modified by the attackers since they were probably looking for data to exploit in fraudulent transactions or to sell on the black market.
In the meantime, the certification systems of affected companies will remain offline until Pearson deems it safe to restart its own servers.
UPDATE: A first version of this article included Microsoft as a company affected by this incident. Softpedia was contacted by a Microsoft employee which informed us that Pearsons VUE is in charge of delivering Microsoft exams. The actual certifications are handled by Microsoft separately, and could have not been affected by the data breach.