An employee of Cyber-security company Trend Micro has sold the data of 68,000 customers to an unknown third party.
The employee had gained unauthorized access to a customer support database that contained customer names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers.
The company started an investigation after customers began to receive fraudulent calls in which scammers were impersonating its employees and concluded that the incident was the result of a malicious insider threat.
“The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent,” the company said in a blog post.
According to Trend Micro, the impacted customers are English-speaking and have since been notified. The estimated number of consumer customers affected is 68,000. The company says this security incident affects less than 1% of Trend Micro’s 12 million consumer customers.
Trend Micro has fired the employee in question and is working with law enforcement on an ongoing investigation. The company says that Trend Micro will never call its customers unexpectedly. If a support call is to be made, it will be scheduled in advance.