Antivirus software company Trend Micro revealed about a security incident in which a rogue employee accessed customer data for criminal purposes. The personal information of some of the customers who bought its PC security products was disclosed in the incident.
The number of affected customers were not revealed and the company has already notified them and looped in law enforcement.
The incident happened in August and Trend Micro considered it to be a malicious internal source that engaged in a premeditated infiltration scheme to bypass the company’s sophisticated controls.
The company claims that the criminals began scam-calling customers while impersonating as staff members. It was by the end of October, that the company found that the attack was coordinated by an employee who used a customer support database with names, phone numbers, email addresses and support ticket numbers and then allegedly sold the stolen information to a third party.
However, no financial or credit card payment information was accessed and that business and government customers were also not affected.
Trend Micro stated that they have taken immediate action to contain the situation which includes disabling the unauthorized account access and terminating the employee in question. The investigation is going on and they are continuing to work with law enforcement.
The antivirus company informed that it never calls customers unexpectedly.