ericalexanderorg
commented
4 years ago TrendMicro has an announced a security incident where an employee was stealing consumer customer information and selling it to a third-party to use in tech support scams. In August 2019, TrendMicro learned that some of their customers running home security solutions were receiving tech support scam phone calls that impersonated TrendMicro tech support agents. The scammers utilized information in these calls that led TrendMicro to believe that this was more than a random phone call and that it could have been an insider threat. After conducting an investigation, it was determined in October that these phone calls were caused by a TrendMicro employee performing unauthorized access to a customer support database, stealing consumer customer information, and selling it to third-party tech support scammers. "Although we immediately launched a thorough investigation, it was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat," TrendMicro stated in a blog post. "A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed." As we reported in May 2019, a hacker gained access to a TrendMicro test lab and was able to allegedly access over 30TB of source code files.
https://www.bleepingcomputer.com/news/security/trendmicro-employee-sold-customer-info-to-tech-support-scammers/