Trend Micro: Discloses Insider Threat Impacting Customer Data

[German]Security firm Trend Micro has just admitted that an employee has sold customer data to online support scammers. This affects 1% of the company's English-speaking private customers.

First attempts of Tech Support Scam in August 2019

In early August 2019, Trend Micro received information that some consumers using the company's home security solutions had suddenly received Tech Support fraud calls from criminals. The scammers posed as Trend Micro support staff and tried to trick customers into taking action. The information the criminals allegedly possessed in these fraud calls led Trend Micro to suspect a coordinated attack.

According to this blog post, the company directly initiated internal investigations into what might have happened. It soon became clear that this was an insider job and that some data was passed on to online criminals. The suspect was a Trend Micro employee who clearly had criminal intent accessing the data improperly. 

Incident resolved in October 2019

Although an investigation was immediately initiated, it was not clear until the end of October 2019 that the data breach wasn't a hack. Trend Micro investigators finally determined that it was an insider job. A Trend Micro employee improperly accessed a customer support database with a clear criminal intent. This database contained the names, email addresses, Trend Micro support ticket numbers and in some cases customer phone numbers. This data was sold to online criminals.

Only 1% of private customers affected

According to the internal investigation, this data leak and fraud affected less than 1% of TrendMicro's 12 million consumer customers. In addition, only English-speaking users were affected by this data leak. The company points out that customers of consumer products for the private sector would never be called so by employees.

According to Trend Micro, there are no signs that other information such as financial or credit payment information has been stolen. There is also no evidence that data from Trend Micro business or government customers has been improperly retrieved.    

Result of the internal investigation

The internal investigation revealed that this employee had sold the stolen information to a currently unknown malicious third party. The company immediately took actions to stop the flow of data. This included the immediate deactivation of unauthorized account access and the termination of the employee concerned. Trend Micro is working with the law enforcement agency in this case. This year, the company is being shaken by security incidents. In , for example, I reported an alleged hack by three US antivirus vendors (see links below). Bleeping Computer reports here that Trend Micro was affected in June 2019 by a hack.