Trend Micro reveals that customer data was illegally sold following inside-job 'security incident'

Security firm Trend Micro has revealed details of an inside scam which led to personal details of its customers being exposed.

The security incident dates back to August this year, and the company says that it was made aware of customers being contacted by fake Trend Micro support staff. Following an investigation lasting until the end of October, it was determined that it was a member of staff that had fraudulently gained access to a customer database and sold personal data to a third party.

See also:

• Hackers breach security at Web.com, Network Solutions and Register.com, accessing private customer info
• Firefox users are being targeted by malicious sites that exploit a known bug to lock up the browser
• Google pushes out urgent Chrome update to patch actively exploited zero-day vulnerabilities

Trend Micro says that the employee was able to access names, email addresses, support ticket numbers and telephone numbers, stressing that it was an inside job and not an external hack. The finger of blame points squarely at "a Trend Micro employee who improperly accessed the data with a clear criminal intent", and law enforcement is now involved.

In an announcement about the incident, Trend Micro explains:

In early August 2019, Trend Micro became aware that some of our consumer customers running our home security solution had been receiving scam calls by criminals impersonating Trend Micro support personnel.  The information that the criminals reportedly possessed in these scam calls led us to suspect a coordinated attack.

Although we immediately launched a thorough investigation, it was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat. A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed.

Our investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor. We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation.

While the company says that the incident affects less that 1 percent of its 12 million consumer customers, this still means that the details of over 100,000 people could have been exposed.