Trend Micro employee sold criminals data that fueled targeted scams

1% of Trend Micro's customers received a call from tech support scammers – the personal information was stolen by an insider

Trend Micro employee sold customer data to tech support scammers

A new security incident was discovered by one of the most prominent anti-virus makers – Trend Micro. According to an official blog post that was published by the firm on Tuesday,^[1] November 5, one of its employees accessed customer information database and harvested data, which later was sold to tech support scammers for profits. Trend Micro started the investigation in early August 2019 after receiving reports from its clients, and it soon became clear that the attacks are highly targeted.

Further inspection revealed that the data leak was not a result of a hack or similar unauthorized access to the customer data but rather an inside job. As a result, the malicious actor was fired from the position, and law enforcement was also contacted due to the criminal activity that took place.

Trend Micro began contacting the affected users and apologized for the incident:

That said, we hold ourselves to a higher level of accountability and sincerely apologize to all impacted customers for this situation. Based on the current status of our investigation, we believe that all of the consumers who were potentially affected have already received individual notices from Trend Micro, but we will continue to investigate and provide further notices in the event that any further affected customers are identified.

This is not the first security incident related to the popular AV developer. Earlier this year, Trend Micro fell a victim of an outside attack that resulted in the exposure of internal files related to the source code of the software.^[2] In 2018, the company had to apologize due to its Mac version of the security app was harvesting customer data and sending it to remote servers.^[3]

No financial information was revealed during the incident

The investigation began when the security firm found out about users being targeted by tech support scammers that pretended to be from Trend Micro customer support. As it turned out, the information that malicious actors possessed included names, emails, support tickets data, and, in some cases, phone numbers. Regular scammers do not have access to such data and rely on users themselves to disclose it by using deception.

While Trend Micro began to suspect that the incident might be an inside job, the definite confirmation came only at the end of October. According to the security firm, the employee used “fraudulent means” to access the database and then sold the information to “currently-unknown third-party malicious actor.” The firm also confirmed that no credit card information or other financial data was accessed during the leak.

Out of 12 million Trend Micro customers, only around 1% was affected by the scam attempts. Nevertheless, the number is still quite high, considering that unsolicited calls were made to around 120,000 people. As revealed by internal research, tech support scammers targeted only English-speaking customers from English-speaking countries, and not enterprise-related data was involved in the incident.

It is yet unknown whether the affected users will be compensated due to the incident and whether the malicious actor will try to sell on the information obtained from this Trend Micro breach.

Do not be discouraged to use tools that protect you from all evil on the internet

Security solutions are set in place to protect users from unsolicited outside attacks that seek monetary gain or personal information. As it turns out, in some cases, those security solutions might be the cause of the threat (for example, Webroot console was used to distribute Sodinokibi ransomware^[4] back in June).^[5] Nevertheless, the human factor can never guarantee complete confidence and loyalty – sometimes bad actions come from trusted people, and it happened multiple times before in law enforcement, government, and other high-profile institutions.

Anti-malware software is a mandatory tool that can prevent malware attacks and protect from users' identity theft. In some cases, the broken trust is hard to earn – Trend Micro users who did get scammed in the incident might consider switching to another company for online protection. Nevertheless, the AV maker immediately took appropriate action after more details came to light – fired the culprit that engaged in illegal behavior and contacted law enforcement for criminal investigation.

Trend Micro also warned its current users that the real tech support would never contact them without prior notice:

If you have purchased our consumer product, you should know that Trend Micro will never call you unexpectedly. If a support call is to be made, it will be scheduled in advance. If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support using our official contact details below.

Those needing further assistance due to the incident should contact Trend Micro directly.