Pearson VUE today notified users that an unauthorized third party placed malware on their Credential Manager System (PCM). PCM is a platform maintained by Pearson that supports certification tracking programs for a number of companies, including Cisco. PCM is an important part of Cisco’s certification ecosystem, as it enables individual users to manage and track their CCIE, CCNA, CCNP and other Cisco certifications directly through Pearson’s platform.
Thoughts and Reactions
- Pearson VUE is one of worst companies to deal with as consumer/customer. They have old technology, woeful systems and their support service is abysmal.
- Pearson VUE technology is typically a decade behind acceptable, by any reasonable measure. Old technology is obviously and preditably vulnerable.
- The parent company Pearson, a big media company, is known to be in financial distress as the media industry changes dramatically – cutting IT spending includes ignoring IT security. Predictable outcome.
- The Cisco Certifications system is down indefinitely.
What data of mine was compromised?
At this time, we believe that the compromised information, as it relates to individuals who have taken exams for and hold Cisco certifications, is limited to: name, mailing address, email address and phone number.
Recommendation: Cisco needs to choose better business partners. Pearson VUE has dominated the technical certification market by buying out all of its competitors, not because it offers a quality service or marketing leading products. This breach was entirely predictable and expected when you see the technology that they use for testing. Its a joke.
Also, a cheap(for them)/free(to us) credit monitoring for one year doesn’t excuse badly run businesses that have low quality internal processes. Cisco should dump Pearson VUE immediately.