Categories: Workspace

Former Trend Micro Staffer Sold Customer Data

Japanese cyber security specialist Trend Micro has admitted a “security incident” that saw a rogue employee sell data of tens of thousands of customers to a third party.

The firm said that the details of 68,000 customers had been compromised in “not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls.”

In August Kaspersky Lab warned in a report that cyber incidents in industrial settings were mostly down to human error.

Inside job

But the Trend Micro data theft was down to a malicious internal actor.

We recently became aware of a security incident that resulted in the unauthorized disclosure of some personal data of an isolated number of customers of our consumer product,” blogged the Japanese firm.

“We immediately started investigating the situation and found that this was the result of a malicious insider threat,” it added. “The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent.”

The employee has been terminated (presumably his employment contract), Trend said.

“Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” wrote Trend. “That said, we hold ourselves to a higher level of accountability and sincerely apologize to all impacted customers for this situation.”

It said it has notified the affected customers (68,000 out of its 12 million worldwide customers).

Trend said that in early August 2019, it became suspicious when some of its consumer customers (mostly English speaking) began receiving scam calls by criminals impersonating Trend Micro support personnel.

“The information that that criminals reportedly possessed in these scam calls led us to suspect a coordinated attack,” said Trend.

Unknown third party

It was not until the end of October 2019 that Trend was able to definitively conclude that it was an insider threat.

“A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers,” it wrote. “There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed.”

This staffer sold the information to “a currently unknown third-party malicious actor.”

Trend said that it would never call a customer unexpectedly, and any support calls are scheduled in advance.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Mozilla Drops ‘Do Not Track’ For Upcoming Firefox Browser

The forthcoming Firefox 13.5 will not include a 'do not track' option, as the opt-out…

40 mins ago

UN Body To Protect Subsea Cables Holds First Meeting

United Nations body to protect undersea communications cables that are crucial for international trade and…

17 hours ago

Meta Donates $1 Million To Donald Trump Inauguration Fund

Weeks after CEO Mark Zuckerberg met with Donald Trump privately at Mar-a-Lago, comes news of…

19 hours ago

US To Raise Tariffs On Chinese Solar Wafers, Polysilicon, Tungsten

Protecting American clean energy businesses. Biden administration plans to raise tariffs on certain Chinese products

20 hours ago

Australia To ‘Charge’ Tech Firms For News Content, After Meta Ends Licensing Deal

News fee. Australia looks introduce mandatory charge on social media platforms and search engines to…

20 hours ago