Cybersecurity firm Trend Micro recently revealed that a significant data breach involved an employee who improperly accessed personal information belonging to thousands of customers, driven by “clear criminal intent.” This insider threat occurred earlier this year, with the company taking immediate actions upon discovery.

While businesses have invested in defensive measures against external cyber threats, insider threats often remain a persistent weakness. Trend Micro’s incident underscores that even cybersecurity firms are not immune to internal risk, particularly when an employee abuses legitimately granted access for malicious ends.

According to the company, approximately 68,000 customers were affected by this breach—a number that represents less than one percent of its wider customer base of 12 million. The breach first came to light in early August 2019 when Trend Micro was alerted to reports of scam calls directed at its customers, allegedly from criminals impersonating support staff.

An investigation lasting at least two months determined that the breach did not result from an external cyberattack, but rather from an insider who gained access to one of Trend Micro’s customer support databases. The insider origin of the incident raised immediate concerns about the security of customer data.

In a blog post, the company described the breach as “the work of a malicious internal source engaged in a premeditated infiltration scheme to bypass our sophisticated controls.” The compromised database contained sensitive data, including customer names, email addresses, support ticket numbers, and in certain cases, phone numbers. No financial or credit card information was compromised, and the breach did not affect any of Trend Micro’s business or government clients.

The rogue employee ultimately sold the accessed information to an unidentified third party, leading to affected customers receiving scam calls impersonating the firm’s representatives. As part of their response to this serious breach, Trend Micro terminated the employee’s account, dismissed the individual, and notified law enforcement while continuing to cooperate with ongoing investigations.

In light of the incident, Trend Micro has issued a caution to its customers regarding scam calls, clarifying that official support staff will never make unsolicited calls. “If a support call is necessary, it will be made following prior scheduling,” the company stated. Customers are advised to report any unexpected calls from purported Trend Micro representatives directly to the firm using verified contact points.

The implications of this incident serve as a stark reminder of the vulnerabilities posed by insider threats, echoing similar recent breaches, such as the case involving two former Twitter employees charged with unauthorized access to user accounts on behalf of the Saudi government.

As businesses navigate an increasingly complex cybersecurity landscape, understanding the risks posed by insider threats and the measures needed to mitigate them is critical. Frameworks such as the MITRE ATT&CK Matrix can help organizations map the tactics an insider might use, including initial access, privilege escalation, and persistence, to the controls and detections that would catch them, and so fortify defenses against similar incidents.
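One concrete mitigation the article points toward is monitoring how support staff actually use a customer database, since an insider copying thousands of records must read far more of them than a colleague resolving tickets. The script below is an added example written for this page, not code from Trend Micro or from the article. It assumes a hypothetical audit-log format (ISO timestamp, support account, action, customer record id) and uses constructed log lines; the account names and record ids are invented. It counts distinct customer records touched per account per day and flags any account-day that exceeds a multiple of the median across all account-days.

```python
from collections import defaultdict
from statistics import median

# Constructed audit-log lines for a hypothetical support database
# (format assumed: ISO timestamp, support account, action, customer record id).
# Invented for this example; not records from the incident described above.
NORMAL_LINES = [
    "2019-07-15T09:02:11Z alice READ cust-10001",
    "2019-07-15T09:05:40Z alice READ cust-10001",  # repeat view, counted once
    "2019-07-15T10:11:02Z alice READ cust-10007",
    "2019-07-15T14:20:55Z alice READ cust-10042",
    "2019-07-16T08:30:00Z alice READ cust-10003",
    "2019-07-16T09:10:00Z alice READ cust-10019",
    "2019-07-16T11:45:00Z alice READ cust-10088",
    "2019-07-16T15:05:00Z alice READ cust-10100",
    "2019-07-15T09:00:00Z bob READ cust-10002",
    "2019-07-15T12:00:00Z bob READ cust-10050",
    "2019-07-15T16:30:00Z bob READ cust-10061",
    "2019-07-16T10:00:00Z bob READ cust-10004",
    "2019-07-16T13:00:00Z bob READ cust-10075",
    "2019-07-15T09:30:00Z mallory READ cust-10005",
    "2019-07-15T11:00:00Z mallory READ cust-10033",
    "2019-07-15T14:00:00Z mallory READ cust-10090",
]
# One evening on which a single account walks through 25 distinct records
# (constructed to stand in for the bulk access an exfiltration would require).
BULK_LINES = [
    f"2019-07-16T22:{m:02d}:00Z mallory READ cust-2{m:04d}" for m in range(25)
]
SAMPLE_AUDIT_LOG = "\n".join(NORMAL_LINES + BULK_LINES) + "\n"


def parse_audit_log(text):
    """Parse whitespace-separated audit lines into (date, user, action, record)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        timestamp, user, action, record = line.split()
        events.append((timestamp[:10], user, action, record))  # keep the date only
    return events


def distinct_records_per_user_day(events):
    """Count distinct customer records each account touched on each day."""
    seen = defaultdict(set)
    for date, user, _action, record in events:
        seen[(user, date)].add(record)
    return {key: len(records) for key, records in seen.items()}


def flag_bulk_access(events, multiplier=5, min_records=10):
    """Return (user, date, count) for account-days far above the peer baseline.

    The baseline is the median distinct-record count over all account-days;
    an account-day is flagged when it exceeds max(min_records, multiplier * median).
    """
    counts = distinct_records_per_user_day(events)
    if not counts:
        return []
    baseline = median(counts.values())
    threshold = max(min_records, multiplier * baseline)
    return sorted(
        (user, date, n) for (user, date), n in counts.items() if n > threshold
    )


if __name__ == "__main__":
    for user, date, n in flag_bulk_access(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(f"ALERT {user} read {n} distinct customer records on {date}")
```

On the constructed data the median account-day touches three records, so the threshold is 15 and only the 25-record evening is flagged. Two caveats matter in practice: the baseline should come from a trailing window of known-good history for the same job role rather than from the data being judged, and a volume rule only catches bulk reads. An insider who trickles out a few records a day stays under any sane threshold, which is why such alerts complement, rather than replace, access reviews and per-record export logging.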