Trend Micro: 68,000 user accounts compromised by ex-employee

Trend Micro confesses to compromise that led to user account details finding their way into the hands of a criminal third party

Trend Micro has admitted that as many as 68,000 user account details were stolen and sold to a criminal third-party by one of its former employees.

In a blog post disclosing the incident, the security software company added that it only discovered the inside job after it started receiving complaints from customers about suspicious calls purporting to be from Trend Micro.

"We immediately started investigating the situation and found that this was the result of a malicious insider threat. The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent," the company warned.

It continued: "We immediately began taking the actions necessary to ensure that no additional data could be improperly accessed, and have involved law enforcement."

It was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat

The company claims that it was made aware of the incident in August 2019.

"Trend Micro became aware that some of our consumer customers running our home security solution had been receiving scam calls by criminals impersonating Trend Micro support personnel. The information that the criminals reportedly possessed in these scam calls led us to suspect a coordinated attack.

"Although we immediately launched a thorough investigation, it was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat."

That investigation eventually found that a Trend Micro employee had "used fraudulent means to gain access to a customer support database" containing names, email address, support ticket numbers - meaning that the customers had all been in legitimate contact with Trend Micro - and, in some instances, telephone numbers.

However, the company claims that there are "no indications" that customer financial details of any kind was compromised. No details of business or public sector customers was compromised, the company added. Only English-speaking customers in English-speaking countries were targeted, it added.

Insiders compromising private information can generally expect harsh punishments if they are identified and convicted. Andrew Skelton, the internal IT senior auditor at Morrisons who deliberately spilled payroll information of just under 100,000 Morrisons supermarket workers was found guilty in July 2015 and won't be considered for release until January 2020.