Anti-virus vendor Trend Micro has revealed a major data breach carried out by an employee who stole a chunk of its consumer customer support database and sold it to scammers who then impersonated Trend Micro support in a tech support scam.
The company revealed the breach on Wednesday and says it affected “less than one per cent” of its 12 million consumer customers, predominantly from English-speaking countries.
“The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent,” Trend Micro said in a statement. “We immediately began taking the actions necessary to ensure that no additional data could be improperly accessed, and have involved law enforcement.”
The employee, who has since been terminated, “used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers.”
Trend Micro has not revealed the employee's former position or where the employee of the global firm was based. A Trend Micro spokesperson said in an emailed statement to CSO Online Australia that the company could not divulge these details because it was an open investigation.
It did, however, reveal that the employee sold the information to a currently unknown third party. The details were then used by scammers to impersonate Trend Micro support and contact customers who use its home security products.
Trend Micro doesn’t state when the breach occurred, but it launched an investigation after becoming aware of an uptick in scammers posing as Trend Micro support in early August. It was not until October that it confirmed the information had been stolen and sold by an employee.
In September the company issued a general advisory warning customers about technical support scams posing as Trend Micro support. It warned that “scammers impersonate legitimate technology vendors, including Trend Micro, in order to extract payment or other sensitive information from victims.”
Trend Micro said there was no indication the employee accessed financial or credit payment information. It also claims data from its business and government customers was not improperly accessed.
The theft, however, could have caused serious problems for Trend Micro customers given the level of detail the scammers had access to, which would have increased the chances that victims would pay the scammer, install unwanted software or malware suggested by the scammer, or hand over a password to them.
Also, while the employee has been terminated, that doesn't mean the users whose details were stolen will stop receiving the scam calls or emails.
Trend Micro told CSO Online that "every impacted consumer customer has been or will be contacted by Trend Micro by email with information on what to do and where to get support."
The breach is an embarrassing incident for the cybersecurity company, which should have systems in place to prevent insider threats like this. Trend Micro has also warned consumers about the risks of tech support scammers for years, yet it is now the source of new tech support scam risks that affect its own consumers.
The company has not detailed how the employee stole the customer database, but it said the person "engaged in a premeditated infiltration scheme to bypass our sophisticated controls."
Trend Micro declined to tell CSO Online how the employee was able to steal the data, but noted that it has "increased our internal security features and processes with regards to accessing the consumer database including continuous monitoring and alerting of suspicious activities."
It also stressed that it does not call customers without scheduling a support call in advance, so customers should not expect calls from its legitimate staff out of the blue.
“If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support,” the company said.