A rogue employee at Trend Micro was caught helping criminals scam company customers through a fake tech support scheme.

The employee supplied names, email addresses, phone numbers, and customer support ticket numbers to the scammers, who used the information to call customers while pretending to be Trend Micro support staff.

About 70,000 users of the company's home security solution had their personal data exposed in the breach, the antivirus company told PCMag.

"We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation," Trend Micro said in a Wednesday blog post.

So far, the company is still determining what the criminals were after. But tech support scams often try to charge victims for unnecessary IT services.

The company became aware of the scam in early August after receiving complaints from customers. It was only at end of last month when Trend Micro concluded the scam originated from a rogue employee, who was supplying an unknown third party with the customer information.

The unnamed employee "used fraudulent means" to gain access to a Trend Micro support database as part of a premeditated attack, the company added. However, the investigation has uncovered no evidence that payment card or financial information was exposed in the breach.

"Our investigation further shows that the criminals were only targeting English-speaking customers, and we have only seen data accessed in predominantly English-speaking countries," the company added. No government or enterprise customers were hit.

Trend Micro says it's already notified users who had their data exposed. If you encountered the scam, you can contact the company's customer support portal for assistance.

The incident shows that even an antivirus company isn't immune to the insider threat, in which an employee goes rogue. Other companies such as Yahoo and AT&T have also experienced incidents with staffers abusing their access to break into people's email accounts or to help fraudsters.

Further Reading

Security Reviews