An employee of trusted cybersecurity firm Trend Micro has been fired after illegally accessing and selling customer data to a malicious third party.
An estimated 68,000 English-speaking customers were affected by the insider threat incident, which was disclosed by Trend Micro on Tuesday.
Trend Micro’s suspicions were first aroused in early August 2019, when customers running the company’s home security solution began reporting that they had received calls from scammers purporting to be Trend Micro support personnel.
In a statement shared on the company website, a Trend Micro spokesperson wrote: “The information that the criminals reportedly possessed in these scam calls led us to suspect a coordinated attack.”
An investigation was “immediately launched” by Trend Micro, but it wasn’t until October 2019 that the company was able to say for sure that the scam phone calls had stemmed from an insider threat.
Information that ended up in the hands of the criminal scammers included names, email addresses, and telephone numbers.
The identity of the malicious third party who bought the information from the rogue Trend Micro employee, and how much they paid for the stolen data, is currently unknown.
A Trend Micro spokesperson wrote: “A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers.
“There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed.”
Upon discovering the wounding betrayal by one of their own, Trend Micro immediately disabled the unauthorized account access and fired the insider threat culprit. The incident is currently under investigation by law enforcement.
In a statement released on their website, Trend Micro reminded their customers that the company never makes unsolicited phone calls to consumers.
A company spokesperson wrote: “If a support call is to be made, it will be scheduled in advance. If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support.”