Rogue Trend Micro Staff Member Steals Customer Data Then Sells It
Cyber-security company Trend Micro is facing a major problem after one of their staff went rogue, selling confidential information on their customers.
At this stage, it’s not known if any Australian customers are among the stolen information.
The company in an overnight statement confirmed that an employee sold information from its customer-support database, including names and phone numbers, to a third party.
The theft was discovered when back in August 2019 rogue operators started calling customers claiming that they were from Trend Micro.
At this stage, we know that at least 70,000 customers are affected but there could be more as there is uncertainty over how much was stolen.
“It’s every security firm’s nightmare for something like this to occur,” cyber-expert and writer Graham Cluley told BBC News.
“You can have all the security in place to prevent external hackers from getting in but that doesn’t stop internal staff from taking data and using it for nefarious purposes,” he said.
“If a cyber-security firm like Trend Micro can fall victim to a security breach, it can happen to any company.”
Trend Micro provides cyber-security and anti-virus tools to consumers in Australia.
The scammers knew so much information about their targets that Trend Micro suspected its customer support database had been breached.
It later found out its systems had not been attacked over the internet and it was instead facing a “malicious insider threat”.
“The suspect was a Trend Micro employee who improperly accessed the data with clear criminal intent,” the company said in a blog post.
“Our investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor.”
The company said it was working with police and the employee in question had been fired.