Cybersecurity and defense company Trend Micro revealed that one of its employees illegally accessed and sold personal information of around 68,000 of its customers.
The company stated that customers’ data like names, email addresses, ticket support numbers, and phone numbers were copied from its internal database by the employee and sold off to scammers. However, Trend Micro stated that payment card details or enterprise customer accounts have not been accessed.
Trend Micro became aware of the incident in August 2019, after some of its customers complained that they’re receiving scam calls by criminals impersonating Trend Micro staff.
“Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” Trend Micro said in a statement.
“Our investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor. We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation,” the statement added.
With its HQ in Japan, Trend Micro is a major player in the information and network security landscape. Founded in 1988, the company holds a variety of cybersecurity merchandise for multiple operating systems, including threat detection, and antivirus products.
In its Mid-Year Cybersecurity report, Trend Micro revealed that out of 1.8 billion ransomware threats, from January 2016 to June 2019, the highest number of ransomware threats (42.98 percent) are suffered by businesses in Asia. And the companies in India reported around 23.88 percent of ransomware attacks in the first half of 2019, the report stated.
The company recently revealed a 265 percent increase in Fileless Attacks in the first half of 2019 when compared with the same period in 2018. A Fileless Attack, also known as a zero-footprint attack or non-malware attack, will not install any malicious software on a user’s computer, as it exploits applications that are already installed in the device.