Trend Micro employee stole and sold customer data

Antivirus software company Trend Micro has revealed a security incident where an employee accessed customer data for criminal purposes. The personal data of an unnamed number of customers who bought its PC security products was disclosed, Trend Micro said Wednesday. It has already notified affected customers, and looped in law enforcement.

Trend Micro called the attack, which took place in early August, "a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls."

The company alleges criminals began scam-calling customers while impersonating staff members. It discovered at the end of October that the attack was coordinated by an employee who used a customer support database with names, phone numbers, email addresses and support ticket numbers and then allegedly sold the stolen info to a third party.

No financial or credit card payment information was accessed, Trend Micro said. Business and government customers were also unaffected.

"We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation," Trend Micro said in a blog post.

The antivirus company advised that it never calls customers unexpectedly.