Trend Micro has revealed a rogue employee has stolen 120,000 consumer customer records from an internal customer service database.
Trend Micro first became aware of the attack in early August, 2019. Customers of Trend Micro’s home security product reported they had received calls from scammers impersonating Trend Micro support staff.
After nearly two months of investigation, the company concluded in late October the work was pulled off by a malicious insider with a “clear criminal intent.”
“Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” Trend Micro stated on a blog post.
The investigation revealed the Trend Micro employee gained access to customer names, email addresses, Trend Micro support ticket numbers, and some phone numbers. However, the company said no payment card data was stolen. The insider subsequently sold the data to an unknown third party and then used in the scam calls.
Trend Micro also confirmed the stolen records was a small percentage (1%) of the overall 12 million consumer customers. In addition, the company said there was no evidence the criminals had access to any business or customer data.