Trend Micro on Tuesday disclosed an insider threat incident that involved an employee selling the personal information of roughly 100,000 customers to tech support scammers.
Trend Micro learned in early August that some customers of its home security product had been getting scam calls from individuals claiming to represent Trend Micro support. An investigation was launched immediately and, in late October, the company concluded that an insider was involved.
“Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” Trend Micro said.
According to the cybersecurity firm, an employee improperly accessed a customer support database containing names, email addresses, support ticket numbers and, in some cases, phone numbers. The company says there is no evidence that any other type of information, such as financial details or data on enterprise customers, has been compromised.
Trend Micro determined that the employee sold the information to an unknown “malicious actor,” which used it to make scam calls pretending to be Trend Micro support personnel.
The employee in question has been terminated and there is an ongoing law enforcement investigation into this incident.
Trend Micro has determined that less than 1% of the 12 million customers using its consumer solutions are affected and they should have already received a notification from the company. It appears the scammers targeted only English-speaking customers.
“If you have purchased our consumer product, you should know that Trend Micro will never call you unexpectedly. If a support call is to be made, it will be scheduled in advance. If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support using our official contact details below,” Trend Micro told customers.