Published: February 29, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Trend Micro, an international IT security company, announced an “insider attack” compromised the data of 68,000 customers last year. The cybersecurity provider and defense company discovered a rogue employee accessed customer data and sold it before being caught in what the company says was a pre-meditated criminal attack. It’s believed the employee accessed a customer support database holding the names, phone numbers, email addresses, and support ticket numbers of 68,000 consumer clients before selling it to hackers. Armed with the swiped data, cybercriminals then enacted a phone scam impersonating Trend Micro employees.
Trend Micro discovered the attack after finding customers using their home security protection software began receiving scam phone calls in what’s being seen as a coordinated attack. Criminals who purchased the pilfered info then posed as legitimate Trend Micro support personnel, possibly to steal even more critical data like payment and other financial information. The company says the attack is limited to consumer accounts only and does not include their enterprise clients, saying less than 1% of their 12 million consumer customers were affected. They also note, no business or government data was stolen.
The company launched an immediate investigation, uncovering the employee theft, saying “We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation.” In a public post on their website, Trend Micro stated the hack was “…a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls…”
The multinational cybersecurity provider found the phone scam affected predominantly English-speaking customers in English-speaking countries only. Trend Micro says they do not call customers unexpectedly, but instead schedules support calls in advance. Any customer receiving an unexpected support call should hang up and contact Trend Micro immediately by using official contact details only.
According to Trend Micro, the rogue employee acted with “clear criminal intent” to perpetrate the hack and sell the data to a “currently unknown” group of third-party phone tech support scammers. Trend Micro has notified the customers victimized by the crime and will continue to inform other customers who may be affected.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org