TrendMicro has an announced a security incident where an employee was stealing consumer customer information and selling it to a third-party to use in tech support scams.

In August 2019, TrendMicro learned that some of their customers running home security solutions were receiving tech support scam phone calls that impersonated TrendMicro tech support agents.

The scammers utilized information in these calls that led TrendMicro to believe that this was more than a random phone call and that it could have been an insider threat.

"The information that the criminals reportedly possessed in these scam calls led us to suspect a coordinated attack. "

After conducting an investigation, it was determined in October that these phone calls were caused by a TrendMicro employee performing unauthorized access to a customer support database, stealing consumer customer information, and selling it to third-party tech support scammers.

"Although we immediately launched a thorough investigation, it was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat," TrendMicro stated in a blog post. "A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed."

After learning the identity of the insider, they terminated their employment and are now working with law enforcement.

According to their investigation, this scam affected less than 1% of TrendMicro's 12 million consumer customers and only targeted English-speaking users.

No financial information was believed to have been stolen, but this is obviously concerning as these highly targeted attacks could have led to consumers being charged for unnecessary tech support services.

TrendMicro warns that they will never call any of their consumer customers and if a consumer receives a call from someone claiming to be TrendMicro, they should immediately hang up.

As for Enterprise users, TrendMicros's investigation indicates that no enterprise customer data was accessed as part of this activity.

While this security incident was not an external hack and an insider threat, this is not the first time this year that an unauthorized user gained access to a TrendMicro system. As we reported in May 2019, a hacker gained access to a TrendMicro test lab and was able to allegedly access over 30TB of source code files.