Rogue TrendMicro Employee Sold Customer Data to Tech Support Scammers

Do you always uncomfortable trusting companies with your data? If so, you’re not alone.

While companies do much to protect themselves from external threats, insiders always pose the highest risk to a company’s data.

Unfortunately, when we say companies can’t eliminate insider threat completely, cybersecurity firms, who are meant to protect others, are not an exception.

Cybersecurity firm Trend Micro has disclosed a security incident this week carried out by an employee who improperly accessed the personal data of thousands of its customers with a “clear criminal intent” and then sold it to a malicious third-party tech support scammers earlier this year.

According to the security company, an estimated number of customers affected by the breach is 68,000, which is less than one percent of the company’s 12 million customer base.

Trend Micro first became aware of the incident in early August 2019 when it found that some of its consumer customers were receiving scam calls by criminals impersonating its support employee, which initially led the company to suspect a coordinated attack.

However, a thorough investigation of at least two months into the matter revealed that the incident was not due to an external hack of its systems, rather an insider, who gained access to one of the Trend Micro’s customer support databases.

“[It was] the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” the company said in a blog post published Tuesday.

The stolen database contained Trend Micro consumer customers’ names, email addresses, Trend Micro support ticket numbers, and in some instances, phone numbers.

According to the company, the rogue employee did not appear to have stolen any financial or credit card information, and no Trend Micro’s business or government customers were affected by the breach.

The investigation also revealed that the rogue employee then sold this information to a “currently unknown” malicious third-party, which resulted in some of its customers receiving scam calls from people impersonating Trend Micro employees.

Though the identity of the rogue employee is still not disclosed, Trend Micro said that it disabled the employee’s account and fired the culprit and that it notified law enforcement and is working with them.

As a result, the company is now warning its customers of fake calls, saying that its customer-support staff never calls people “unexpectedly” even if they have purchased its consumer product.

“If a support call is to be made, it will be scheduled in advance,” the company said. “. If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support using our official contact details.”

A separate data breach incident The Hacker News published today also caused due to an insider threat, where two former Twitter employees have been charged with accessing information on thousands of Twitter user accounts on behalf of the Saudi Arabian government.