Former Trend Micro Staffer Sold Customer Data

Whistleblower leak keyboard security breach © CarpathianPrince Shutterstock

Rogue employee at security vendor Trend Micro sold data of 68,000 customers to third party

Japanese cyber security specialist Trend Micro has admitted a “security incident” that saw a rogue employee sell data of tens of thousands of customers to a third party.

The firm said that the details of 68,000 customers had been compromised in “not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls.”

In August Kaspersky Lab warned in a report that cyber incidents in industrial settings were mostly down to human error.

ukraine, hacking

Inside job

But the Trend Micro data theft was down to a malicious internal actor.

We recently became aware of a security incident that resulted in the unauthorized disclosure of some personal data of an isolated number of customers of our consumer product,” blogged the Japanese firm.

“We immediately started investigating the situation and found that this was the result of a malicious insider threat,” it added. “The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent.”

The employee has been terminated (presumably his employment contract), Trend said.

“Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” wrote Trend. “That said, we hold ourselves to a higher level of accountability and sincerely apologize to all impacted customers for this situation.”

It said it has notified the affected customers (68,000 out of its 12 million worldwide customers).

Trend said that in early August 2019, it became suspicious when some of its consumer customers (mostly English speaking) began receiving scam calls by criminals impersonating Trend Micro support personnel.

“The information that that criminals reportedly possessed in these scam calls led us to suspect a coordinated attack,” said Trend.

Unknown third party

It was not until the end of October 2019 that Trend was able to definitively conclude that it was an insider threat.

“A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers,” it wrote. “There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed.”

This staffer sold the information to “a currently unknown third-party malicious actor.”

Trend said that it would never call a customer unexpectedly, and any support calls are scheduled in advance.

Do you know all about security? Try our quiz!