[BreachExchange] Trend Micro reveals rogue employee sold data of up to 120, 000 customers

Destry Winant destry at riskbasedsecurity.com
Fri Nov 8 09:59:53 EST 2019


https://www.zdnet.com/article/trend-micro-reveals-insider-threat-exposing-customer-data/

Update 15.51 GMT: A Trend Micro spokesperson told ZDNet that it
appears approximately 70,000 customers have been impacted as a more
concise estimate than "fewer than one percent" of Trend Micro's 12
million customer base.

Trend Micro has revealed a "security incident" leading to the theft of
personal data from customers caused by a former employee.

Suspected to be the work of a Trend Micro employee, the cybersecurity
firm says that no external hack took place; rather, the insider
pilfered information belonging to clients by accessing a customer
support database.

Information including names, email addresses, support ticket numbers,
and some telephone numbers were taken.

This data was then used to conduct scams, and in August 2019, the
company was made aware that some consumers were receiving calls from
people pretending to be Trend Micro employees.

The information gathered by the alleged insider was used to give the
scam an air of legitimacy. However, the company has not revealed the
exact nature of the fraudulent scheme.

Now suspecting a "coordinated attack," Trend Micro launched an
investigation, and by the end of the month, pinpointed the employee,
who allegedly "improperly accessed the data with a clear criminal
intent."

It is believed the information was sold on to a third-party, but the
identity of the threat actor — or group responsible — is not yet
known.

Impacted customers, predominately English-speaking, have been notified
and the cybersecurity firm is keen to emphasize that the data theft
likely only affected less than one percent of Trend Micro's 12 million
customers. Still, this could be up to 120,000 individuals, which is a
substantial number.

CNET: New algorithms go fraud-hunting in voter database

"There are no indications that any other information such as financial
or credit payment information was involved, or that any data from our
business or government customers was improperly accessed," Trend Micro
added.

Trend Micro disabled the employee's account and fired them. Law
enforcement has been notified.

If you are a Trend Micro customer and have received such a call, you
should ignore it as the company will not cold-call you.

The insider threat is Trend Micro's public cybersecurity problem of
2019. Last year, the company had to apologize after it was discovered
that some Trend Micro antivirus solutions were capturing Mac browser
data and whisking it away to remote servers.

At the time, Trend Micro apps including Dr Cleaner, Dr Cleaner Pro,
Dr. Antivirus, and Dr Unarchiver were removed from Apple's App Store.
Trend Micro said the "snapshots" were used for malware detection
purposes.


More information about the BreachExchange mailing list