Trend Micro admits staffer stole and sold customer data

One of the biggest worries of CEOs and CISOs is that an employee will access and sell customer data. The odds of an insider threat aren’t great – breach statistics compiled over a decade by Verizon show that about one-third of breaches of security controls are caused by staff – but it’s still there.

So the IT industry was surprised on Tuesday when international security vendor Trend Micro acknowledged that a staff member had gone rogue.

In a statement, the company said “some personal data of an isolated number of customers of our consumer product” had been sold by an unnamed staffer who managed to fraudulently “bypass our sophisticated controls.” 

What the thief got was access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances, telephone numbers. The information was sold to an unknown person or persons.

The company realized something was wrong in August when it was told some people using its home security solution had received scam calls by people impersonating Trend Micro support personnel. An investigation was started but it was only until the end of last month when it was able to find the culprit.

There are no indications that information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed, the company said.

Related story: Public Safety Canada issues guide to lowering insider threat

Based in Tokyo, Trend Micro sells around the world. There is no indication in the release which country or countries victims were located.

According to SecurityWeek, the company has determined less than one per cent of the 12 million customers using its consumer solutions were affected, which could mean thousands of people.

“If you have purchased our consumer product, you should know that Trend Micro will never call you unexpectedly,” the statement says. “If a support call is to be made, it will be scheduled in advance. If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support.”

While insider attacks aren’t as common as threats from outside the firewall, they can be just as deadly if not more because some employees know exactly where sensitive (and valuable) data is. In June, Quebec-based financial services giant Desjardins Group acknowledged an insider had stolen information on 2.7 million consumer and business customers of its credit union. Last week the company corrected that number, saying data on all of its 4.2 million consumer customers had been exfiltrated.

Related story: Trusted insiders are now the most serious threat 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now