Global cyber security software company, Trend Micro, has suffered a data breach at the hands of an employee who stole and then sold on the data of thousands of customers. The ‘malicious insider’ carried out a premeditated attack, bypassing the company’s control systems to gain unauthorised access to a customer database containing names, email addresses, support ticket numbers and some phone numbers. Trend Micro first became aware of the issue in August when some of their consumer customers began receiving phishing phone calls, but they couldn’t confirm it was an internal source until the end of October.
The company has apologised and given assurances that the incident has been contained and is being thoroughly investigated. They have also advised that they never make unsolicited phone calls, so if customers receive an unexpected call from someone claiming to be from Trend Micro, they should hang up and report the scam using the genuine contact details on their website.