Trend Micro reveals rogue employee sold data of up to 120,000 customers

Updated: The cybersecurity firm says the attack came from within, leading to targeted scams.

Update 15.51 GMT: A Trend Micro spokesperson told ZDNet that approximately 70,000 customers appear to have been impacted, a more precise estimate than "fewer than one percent" of Trend Micro's 12 million customer base.

Trend Micro has revealed a "security incident," caused by a former employee, that led to the theft of customers' personal data.

The cybersecurity firm says that no external hack took place; rather, the incident is suspected to be the work of a Trend Micro employee, an insider who pilfered information belonging to clients by accessing a customer support database.

Information including names, email addresses, support ticket numbers, and some telephone numbers was taken.

This data was then used to conduct scams, and in August 2019, the company was made aware that some consumers were receiving calls from people pretending to be Trend Micro employees. 

The information gathered by the alleged insider was used to give the scam an air of legitimacy. However, the company has not revealed the exact nature of the fraudulent scheme. 

Now suspecting a "coordinated attack," Trend Micro launched an investigation, and by the end of the month, pinpointed the employee, who allegedly "improperly accessed the data with a clear criminal intent."

It is believed the information was sold on to a third party, but the identity of the threat actor — or group responsible — is not yet known.

Impacted customers, predominately English-speaking, have been notified and the cybersecurity firm is keen to emphasize that the data theft likely only affected less than one percent of Trend Micro's 12 million customers. Still, this could be up to 120,000 individuals, which is a substantial number. 

"There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed," Trend Micro added. 

Trend Micro disabled the employee's account and fired them. Law enforcement has been notified. 

If you are a Trend Micro customer and have received such a call, you should ignore it as the company will not cold-call you. 

The insider threat is Trend Micro's public cybersecurity problem of 2019. Last year, the company had to apologize after it was discovered that some Trend Micro antivirus solutions were capturing Mac browser data and whisking it away to remote servers. 

At the time, Trend Micro apps including Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, and Dr Unarchiver were removed from Apple's App Store. Trend Micro said the "snapshots" were used for malware detection purposes.
