TrendMicro antivirus customers’ information was leaked and sold to online scammers

We must not forget that even specialized companies can suffer cybersecurity incidents. According to digital forensics experts, an employee of Japan-based security firm TrendMicro was discovered stealing information from the company’s customers and selling it to third parties aiming to deploy sophisticated tech support scam campaigns.

The targets of this campaign were the company’s customers using a home-use security solution, who received phone calls from threat actors posing as TrendMicro customer service employees.

The company began receiving reports of these calls, in which the criminals used information available only to some TrendMicro employees, leading the company to suspect that the attackers had the collaboration of an insider. After an internal investigation, TrendMicro determined that an employee had been improperly accessing a database operated by the company’s customer service area to extract sensitive information and sell it to scammers.

“After a thorough investigation, our digital forensics team was able to confirm that this is an internal threat,” the company mentions in a blog post. “One of our employees fraudulently accessed our customer support databases, extracting information including names, email addresses, phone numbers, and client support query backup”.

Insider threats are becoming increasingly frequent

The company also added that, so far, there is no evidence to prove that other sensitive data, such as payment card information, was also compromised. The employee has already been fired by TrendMicro and is awaiting legal proceedings against him.

The company claims that less than 1% of TrendMicro tech support users were affected by this fraudulent campaign. In addition, the report from the company’s digital forensics team highlights the fact that only English speakers were attacked in this campaign.

Although no financial data was extracted from affected customers, it is possible that the attackers tried to make arbitrary charges for support services that were not really needed. 

As a security measure, users are reminded that TrendMicro never makes unsolicited support calls, so users who receive a call from an alleged customer service employee must hang up immediately and, if possible, notify TrendMicro.

International Institute of Cyber Security (IICS) digital forensics specialists mention that TrendMicro’s corporate clients were not targeted by the operators of this campaign, although they recommend that the company remain vigilant, as this is the second incident of unauthorized access to sensitive information that has occurred recently at TrendMicro. A few months ago, it was reported that an unidentified hacker accessed a company test lab and managed to extract more than 30 terabytes of information, including sensitive source code.