Possible breach at Person Vue

wes allen

This might impact quite a few of us:

Press room :: Pearson VUE

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

OctalDump

Wow.

"The unauthorized third party improperly accessed certain information related to a limited set of our users."

Which could be anything from "they got everything about everyone" to "they got the usernames of 3 people".

I am assuming from "We have been updating affected customers and will continue to do so. " and "we are working to understand how this issue may have affected each of our customers." that they will inform people affected when they are aware that they have been affected.

I have no emails from Pearson, yet, so let's see what happens.

EDIT:
Just occurred to me that this could be of interest to "a state actor", in that they probably can get records of government and military personnel who have certified. I think that those details could be accessible via multiple paths, including simple things like exam codes. I wonder if they could get access to score transcripts and identify 'weaker' staff (multiple failed tests, just scrape throughs)?

dustervoice

So the hacker(s) knows my real CISSP results? Hopefully they post my weak domains on Pastebin

Verities

Pearson Vue couldn't be more vague.

@Octaldump - If the intent was malicious and not trying to change exam scores...it would make sense they could target DoD personnel that have to conform to the 8570 standard. This information, coupled with say the information ex filtrated from OPM could lead to specific targeting of cleared personnel, servicing DoD networks.

--chris--

Just own up to what you don't know, lay out what you think could be affected and do it on day 1 :Shakes Fist:

The worst part of all of this is not knowing how it will affect you and having to wait to find out.

This doesn't make me feel warm and fuzzy:

While the company doesn't believe US Social Security numbers were spaffed – nor "full" payment card information – it acknowledged that the PCM system is "custom designed to fit specific customer requirements," and so attempts to "understand how this issue may have affected each of our customers" are continuing.

Data breach at biz that manages Cisco, F5 certs plus many others

bigdogz

Maybe we now should own a certificate that reads "Pawned".

HailHogwash

Yikes!!! havent got an email yet..no news is good news perhaps?

OctalDump

The affected system appears to be back online. I guess that means we should find out soon who was affected, right?