More and more companies need to be aware of exactly “who has access to your critical data”. Even the security company expert, Trend Micro who are a multinational cyber- security defence company had an embarrassing security lapse that resulted in an employee being fired! This employee sold information on 68,000 of Trend Micro’s customers, to tech support scammers. As a result, the fraudsters impersonated the security vendors employees and called their customers regarding their home security!
Initially, Trend Micro thought an external hack was responsible, like the last time. In May last year a Russian hacking collective Fxmsp stole a claimed 30 terabytes of source code from Trend Micro, Symantec and McAfee and put it up for sale with an asking price of US$300,000. https://www.advanced-intel.com/post/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
In Trend Micro’s defence they launched into an investigation immediately. But the process took time. Eventually they found the rogue employee had accessed a customer database and sold the information on it, to an unknown third-party.
The database contained customer names, email addresses, and phone numbers along with Trend Micro support ticket numbers. Fortunately, there is no indication that any financial or credit card information was touched. Also, none of the customers effected included government or the business sector.
Trend Micro have thankfully asked themselves, “who has access to your critical data” and disabled all unauthorised access to their customer database. They are also continuing the investigation with law enforcement.
It isn’t certain whether any customers systems or data were damaged by the cold-calling criminals and Micro Trend have told customers that their staff would never call them out of the blue. Calls are scheduled in advance. Customers getting any unsolicited calls from these fraudsters are advised to hang up immediately and contact Trend Micro.