IF YOU'VE RECEIVED a mysterious phone call claiming to be from security firm Trend Micro recently, then we have some bad news: yours was likely one of 68,000 accounts sold to a mysterious third party by a (now ex) employee.
The company issued an apology in a blog post clunkily titled "Trend Micro Discloses Insider Threat Impacting Some of its Consumer Customers" - weird how it talks about the company as if it were a third party, but okay.
After an intro explaining that the breach was an inside job, the company eventually reached the mea culpa four paragraphs in: "That said, we hold ourselves to a higher level of accountability and sincerely apologise to all impacted customers for this situation."
After a spate of complaints from customers getting spam calls purporting to be from Trend Micro and knowing an eerie amount about them, the firm initially assumed cyberattack. When they found no evidence of this, they hit upon the real culprit: an employee the firm promptly fired.
"Our investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor," the post explains. "We took swift action to contain the situation, including immediately disabling the unauthorised account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation."
If you're impacted, you should have had a note from the company. But on the off chance you haven't, Trend Micro thinks that data sold includes names, email addresses, support ticket numbers and, "in some cases", phone numbers - unsurprisingly if they're calling you on your phone.
"There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed," the company added.
The post concludes with a bit of general advice: Trend Micro won't call you unexpectedly. "If a support call is to be made, it will be scheduled in advance," the post says. "If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support."
As for the unnamed ex-employee, if the company has proof - and you'd imagine the evidence is pretty strong if it feels confident enough to fire him or her - then there could be a severe punishment on the way. Just ask Andrew Skelton, still in prison for selling Morrison's' user data back in 2014. µ
Might need to come up with a better name though
There's an app for *that*
American as Apple Spy