Trend Micro says one of its employees stole and sold customer data

Antivirus software company Trend Micro on Tuesday revealed a security incident in which an employee accessed customer data for criminal purposes. The personal data of an unknown number of customers who bought its PC security products was disclosed, the company said. Trend Micro has already notified affected customers and looped in law enforcement.

Trend Micro called the attack, which it said took place in early August, "a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls."

The company alleges criminals began scam-calling customers while impersonating staff members. At the end of October, it discovered the attack was coordinated by an employee who used a customer support database with names, phone numbers, email addresses and support ticket numbers and then allegedly sold the stolen information to a third party.

No financial or credit card payment information was accessed, Trend Micro said. Business and government customers were also unaffected.

"We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation," Trend Micro said in a blog post.

The antivirus company advised that it never calls customers unexpectedly.