A Trend Micro employee improperly accessed the personal data of approximately 68,000 customers "with a clear criminal intent," the company wrote in a blog post.
Trend Micro has terminated the employee responsible for the security incident, disabled unauthorized customer account access and is working with law enforcement to investigate the incident.
Trend Micro discovered a security threat in August, the company said. At the time, some customers using Trend Micro's home security solutions received scam calls from criminals impersonating the company's support personnel; Trend Micro suspected that the scam calls were coordinated attacks against these customers.
Trend Micro launched an investigation as soon as it learned about the security incident. It found that a malicious internal source "engaged in a premeditated infiltration scheme" to bypass its customer data security controls, the company indicated.
In its investigation, Trend Micro found that an employee illegally accessed a customer support database that contained names, email addresses and other customer data, the company said. This employee then sold the stolen information to a currently unknown third-party malicious actor.
Furthermore, Trend Micro's investigation into the security incident revealed that customers' financial or credit payment information was unaffected, the company stated. The investigation also showed that only English-speaking customers were targeted.
Trend Micro provides cybersecurity solutions across data centers, cloud environments, networks and endpoints. The company supports 12 million customers worldwide.
