Do you always feel uncomfortable trusting companies with your data? If so, you’re not alone.
While companies do much to protect themselves from external threats, insiders always pose the highest risk to a company’s data.
Unfortunately, companies can’t eliminate the insider threat completely, and cybersecurity firms, which are meant to protect others, are no exception.
Cybersecurity firm Trend Micro has disclosed a security incident this week carried out by an employee who improperly accessed the personal data of thousands of its customers with a “clear criminal intent” and then sold it to malicious third-party tech support scammers earlier this year.
According to the security company, the estimated number of customers affected by the breach is 68,000, which is less than one percent of the company’s 12 million customer base.
Trend Micro first became aware of the incident in early August 2019 when it found that some of its consumer customers were receiving scam calls from criminals impersonating its support employees, which initially led the company to suspect a coordinated attack.
However, a thorough investigation of at least two months into the matter revealed that the incident was not due to an external hack of its systems, but rather to an insider who gained access to one of Trend Micro’s customer support databases.
“[It was] the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” the company said in a blog post published Tuesday.
The stolen database contained Trend Micro consumer customers’ names, email addresses, Trend Micro support ticket numbers, and in some instances, phone numbers.
According to the company, the rogue employee did not appear to have stolen any financial or credit card information, and none of Trend Micro’s business or government customers were affected by the breach.