A TrendMicro employee has been stealing consumer information and selling it to tech support scammers. The company made an announcement regarding this security incident, in which in becomes clear that unauthorized disclosure of personal data of some customers has been compromised by an employee. An investigation was immediately initiated.
This is an example of how insider threats endanger the privacy and security of a company. Such incidents could also impact the reputation of the business.
TrendMicro Security Incident: What Happened?
Apparently, in August 2019, TrendMicro became aware that some of the customers of their consumer (home) solutions were receiving tech support scam calls, where scammers were impersonating TrendMicro tech-support agents.
“Although we immediately launched a thorough investigation, it was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat,” the company said in the official announcement.
A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers.
The good news is that it seems that no other information including financial or credit payment information was involved in the incident, or that any data from the company’s business or government customers was improperly accessed.
The company’s investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor. Fortunately, they quickly disabled the unauthorized account access and terminated the employee.
It is important to note that TrendMicro offers tech support over the phone, but they will never call their customers unexpectedly.
If a support call is to be made, it will be scheduled in advance, the blog post said. “If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro,” and this is valid for any other unexpected tech support call.