68,000 user accounts compromised by ex-employee — Trend Micro

Galtero Lara
Noviembre 8, 2019

Apart from firing the employee, Trend Micro has disabled unauthorised access to the customer database and is working with law enforcement in the continuing investigation.

While the company says that the incident affects less that 1 percent of its 12 million consumer customers, this still means that the details of over 100,000 people could have been exposed.

Trend Micro first caught wind of the unauthorized disclosure when several users of a home security product began receiving unannounced phone calls from people impersonating Trend Micro support staff.

The employee supplied names, email addresses, phone numbers, and customer support ticket numbers to the scammers, who used the information to call customers while pretending to be Trend Micro support staff.

Our investigation revealed that this employee sold the stolen information to a now unknown third-party malicious actor.

The best defense against scam calls like these is education: Trend Micro, other technology companies, the IRS, and the Social Security Administration will not call you unexpectedly.

Trend, which has offices all over the world, said it believes it has directly informed all of the customers whose information was stolen by the rogue insider, though the security specialist is still warning its consumer customers to be tired of any unsolicited calls claiming to be from Trend support staff. It is now in the process of notifying potentially exposed customers about the risks.

More news: Venezuela: principio de acuerdo para la reforma del CNE

One of the biggest worries of CEOs and CISOs is that an employee will access and sell customer data.

According to the company, the rogue employee did not appear to have stolen any financial or credit card information, and no Trend Micro's business or government customers were affected by the breach.

Trend Micro claimed it has some 12 million customers now.

At this stage, it's not known if any Australian customers are among the stolen information.

It later found out its systems had not been attacked over the internet and it was instead facing a "malicious insider threat".

Despite launching an investigation into the matter immediately, it took Trend Micro until the end of last month to conclude that a rogue staffer had accessed a customer support database, and sold the information it contained to an unknown third-party. "If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support using our official contact details below", the company said.

The employee has since been fired, and the police are involved. If you encountered the scam, you can contact the company's customer support portal for assistance.

Otros informes por

Discuta este artículo