{"id":16776,"date":"2019-11-05T09:00:02","date_gmt":"2019-11-05T17:00:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/11\/05\/news-10515\/"},"modified":"2019-11-05T09:00:02","modified_gmt":"2019-11-05T17:00:02","slug":"news-10515","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/11\/05\/news-10515\/","title":{"rendered":"Trend Micro Discloses Insider Threat Impacting some of its Consumer Customers"},"content":{"rendered":"

Credit to Author: Trend Micro| Date: Tue, 05 Nov 2019 15:45:47 +0000<\/strong><\/p>\n

W<\/span>e<\/span>\u00a0recently\u00a0<\/span>became aware of a security incident that resulted in the unauthorized disclosure of\u00a0<\/span>some personal data\u00a0<\/span>of an isolated number of customers<\/span>\u00a0<\/span>of our consumer product<\/span>.\u00a0\u00a0<\/span>We<\/span>\u00a0immediately started investigating the situation and foun<\/span>d that this was the result of a<\/span>\u00a0<\/span>malicious\u00a0<\/span>insider threat<\/span>. The suspect was\u00a0<\/span>a Trend Micro employee who\u00a0<\/span>improperly\u00a0<\/span>accessed the data with a clear crim<\/span>inal intent.\u00a0<\/span>\u00a0<\/span><\/p>\n

We\u00a0<\/span>immediately\u00a0<\/span>began\u00a0<\/span>taking the actions\u00a0<\/span>necessary to ensure\u00a0<\/span>that\u00a0<\/span>no additional data c<\/span>ould<\/span>\u00a0be improperly<\/span>\u00a0accessed,<\/span>\u00a0and\u00a0<\/span>have\u00a0<\/span>involve<\/span>d<\/span>\u00a0law enforcement.\u00a0<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

Our open investigation has confirmed\u00a0<\/span>that\u00a0<\/span>t<\/span>his was not an external hack<\/span>,<\/span>\u00a0but rather the work of a<\/span>\u00a0<\/span>malicious\u00a0<\/span>internal source that\u00a0<\/span>engaged in a\u00a0<\/span>premeditated infiltration<\/span>\u00a0scheme<\/span>\u00a0to bypass our sophisticated controls.\u00a0\u00a0<\/span>\u00a0<\/span><\/b>\u00a0<\/span><\/p>\n

That said, we hold ourselves to a higher level of accountability and\u00a0<\/span>sincerely\u00a0<\/span>apologize to\u00a0<\/span>all\u00a0<\/span>impacted customers for this situation.<\/span>\u00a0<\/span>Based on the current status of our investigation, we believe that all of the consumers who were potentially affected have already received individual notices from Trend Micro, but we will continue to investigate and provide further notices in the event that any further affected customers are identified.<\/span>\u00a0<\/span><\/p>\n

WHAT HAPPENED<\/span><\/b>\u00a0<\/span><\/p>\n

In early\u00a0<\/span>August<\/span>\u00a02019, Trend Micro became aware that some of our c<\/span>onsumer c<\/span>ustomers\u00a0<\/span>running our home security solution\u00a0<\/span>had<\/span>\u00a0been receiving scam calls by criminals impersonating Trend Micro support personnel.\u00a0 The information that the criminals reportedly possessed in these scam calls led us to suspect a coordinated attack.<\/span>\u00a0<\/span><\/p>\n

Although we immediately launched a thorough investigation, it was not until\u00a0<\/span>the end of October\u00a0<\/span>2019 that we were able to definitively conclude that\u00a0<\/span>it was an insider threat. A<\/span>\u00a0Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers.\u00a0<\/span>There are no indications that any other information such as financial or credit payment information<\/span>\u00a0was involved,<\/span>\u00a0<\/span>or\u00a0<\/span>that any data from our\u00a0<\/span>business or government<\/span>\u00a0customers was improperly accessed.\u00a0\u00a0<\/span>\u00a0<\/span><\/p>\n

Our<\/span>\u00a0investigation revealed that this employee sold the\u00a0<\/span>stolen<\/span>\u00a0information to a currently unknown third-party\u00a0<\/span>malicious actor.\u00a0<\/span>We took swift action to contain the situation, including immediately disabling the\u00a0<\/span>unauthorized\u00a0<\/span>account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation.<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

TREND MICRO DOES NOT CALL CONSUMERS UNSOLICITED\u00a0<\/span><\/b>\u00a0<\/span><\/p>\n

If you have purchased our consumer product, you\u00a0<\/span>should know that Trend Micro will never call you unexpectedly. If a support call is to be made, it will be scheduled in advance. If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro\u00a0<\/span>s<\/span>upport using our official contact details below.<\/span>\u00a0<\/span><\/p>\n

We encourage you to please contact us for further assistance if you need any help related to any technical issues that may have arisen from interaction with the scammers.\u00a0 These technical assistance support services, as with all support services, are already covered by your active license subscription.<\/span>\u00a0<\/span><\/p>\n

ADDITIONAL IMPORTANT INFORMATION<\/span><\/b>\u00a0<\/span><\/p>\n