Trend Micro employee sold user data to tech support scammers

Trend Micro has fired an employee who sold information on 68,000 customers to tech support scammers who in turn used it to for fraudulent calls in which they impersonated the security company's staffers.

The security company said it became aware in August this year that criminals impersonating Trend Micro support stuffers were calling customers running its home security solution.

At first, an external hack was suspected, as was the case in May when Russian hacking collective Fxmsp stole a claimed 30 terabytes of source code from Trend Micro, Symantec and McAfee and put it up for sale with an asking price of US$300,000.

While Trend Micro admitted it had been hacked, Symantec and McAfee denied the claims.

Despite launching an investigation into the matter immediately, it took Trend Micro until the end of last month to conclude that a rogue staffer had accessed a customer support database, and sold the information it contained to an unknown third-party.

Trend Micro said the database contained customer names, email addresses, and in some cases, phone numbers.

It also contained Trend Micro support ticket numbers, but the security vendor said there's no indication currently that financial or credit card payment data and believes the government and business customer information it holds weren't touched.

English-speaking customers and countries were targetted, and Trend Micro estimates that the number affected is 68,000.

Apart from firing the employee, Trend Micro has disabled unauthorised access to the customer database and is working with law enforcement in the continuing investigation.

It is not clear if any customers systems or data were damaged by the cold-calling criminals, but Trend Micro promised it would help anyone in that situation.

The security vendor warned that Trend Micro staffers will never call customers unexpectedly.

Instead, support calls are scheduled in advance.

Customers who receive unsolicited calls claiming to be from Trend Micro are advised to hang up immediately, and to report them to the security vendor.

Trend Micro claimed it has some 12 million customers currently.