Trend Micro reported about an unpleasant incident that occurred this summer: an employee of the company sold 68,000 clients personal information to fraudsters (less than 1% of the total 12 million user base of the company).
It all started in August 2019: users are increasingly receiving suspicious phone calls from people who appear to be Trend Micro support staff. It soon became clear that scammers are not only good at using social engineering, but they do have detailed customer information, that is, they call well prepared. After that, Trend Micro began an investigation of what was happening.
The investigation ended at the end of October and revealed that the blame for the incident lay with an insider – an unnamed Trend Micro employee who intentionally obtained unauthorized access to user data and then sold this information to yet unknown scammers. As a result, the criminals had at their disposal the names of customers, email addresses, numbers of applications submitted to the support service, and in some cases phone numbers. The aforementioned attacks mainly affected the English-speaking customers of the company.
Representatives of Trend Micro emphasize that the leak did not affect the payment data of users, and information about corporate and government customers of the company was not stolen.
An employee who has stolen and resold personal data has already been fired, and his account has been blocked. All information about the incident was transmitted to law enforcement officials.
At the company, I advise users not to communicate with Trend Micro support representatives if they receive such a call. In this case, you should immediately hang up the phone and call back to the company's support team yourself using official contact information.