Incident: Rogue Employee Exposes Trend Micro Customer Data Impacting 70,000.

Published Date: 2019-11-06

Postmortem Analysis
Timeline
1. The software failure incident of the rogue employee exposing customer data at Trend Micro happened in August 2019 as mentioned in the article [92359].

System
The system that failed in the software failure incident reported in Article 92359 was:
1. Trend Micro's customer-support database [92359]

Responsible Organization
1. The rogue Trend Micro employee who sold customer data to a third party was responsible for causing the software failure incident [Article 92359].

Impacted Organization
1. Customers of Trend Micro [92359]

Software Causes
1. Insider threat: The software failure incident at Trend Micro was caused by a rogue employee who improperly accessed the customer-support database and sold the information to a third party [92359].

Non-software Causes
1. Insider threat: The incident was caused by a rogue employee at Trend Micro who sold customer data to a third party [92359].

Impacts
1. Personal data of thousands of Trend Micro customers, including names and phone numbers, was exposed due to a rogue employee selling information from the customer-support database to a third party [Article 92359].
2. Customers started receiving phone calls from scammers posing as Trend Micro staff, indicating a breach of trust and potential risk of falling victim to scams [Article 92359].
3. Trend Micro suspected its customer support database had been breached when users of its home security software reported receiving scam phone calls, leading to concerns about the security of customer data [Article 92359].
4. The incident highlighted the vulnerability of companies, even cyber-security firms like Trend Micro, to internal threats and the potential for employees to misuse data for criminal purposes [Article 92359].
5. The company faced reputational damage and the challenge of rebuilding trust with its 12 million customers after the breach of personal data by an insider threat [Article 92359].

Preventions
1. Implement strict access controls and monitoring systems to prevent unauthorized access to sensitive customer data [92359].
2. Conduct regular security audits and checks on internal systems to detect any unusual activities or breaches [92359].
3. Provide comprehensive training to employees on data security protocols and the importance of safeguarding customer information [92359].
4. Enforce a zero-tolerance policy towards data breaches and clearly communicate the consequences of such actions to all employees [92359].

Fixes
1. Implement stricter access controls and monitoring systems to prevent unauthorized access to sensitive customer data within the company's databases [92359].
2. Conduct regular security audits and checks to identify any potential vulnerabilities or suspicious activities within the systems [92359].
3. Provide comprehensive training and awareness programs for employees on data security protocols and the importance of safeguarding customer information [92359].
4. Enhance data encryption methods to protect customer data both at rest and in transit [92359].
5. Establish clear policies and procedures for handling customer data, including guidelines on how and when customer support staff can contact customers [92359].

References
1. Trend Micro company statement [Article 92359]
2. Cyber-expert and writer Graham Cluley [Article 92359]
3. Trend Micro blog post [Article 92359]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident having happened again at one_organization: - Trend Micro experienced a software failure incident where a rogue employee exposed customer data by selling information from its customer-support database to a third party [Article 92359]. - In a previous incident, Trend Micro received reports that many users of its home security software had been receiving scam phone calls, leading the company to suspect a breach in its customer support database [Article 92359]. (b) The software failure incident having happened again at multiple_organization: - The article does not provide specific information about similar incidents happening at other organizations or with their products and services.
Phase (Design/Operation) design, operation (a) The software failure incident in Article 92359 occurred due to contributing factors introduced by system development and procedures to operate or maintain the system. A rogue employee at Trend Micro improperly accessed the customer-support database and sold information to a third party, leading to customer data exposure. This breach was not a result of external hackers but rather an internal staff member with criminal intent [92359]. (b) The software failure incident in Article 92359 also involved contributing factors introduced by the operation or misuse of the system. Customers started receiving scam phone calls from individuals posing as Trend Micro staff, indicating that the stolen customer data was being used for fraudulent activities. This misuse of customer information highlights the operational impact of the software failure incident [92359].
Boundary (Internal/External) within_system (a) within_system: The software failure incident in this case was due to a rogue employee within the company who improperly accessed and sold customer data from the customer-support database [92359]. This internal breach led to the exposure of personal information of thousands of Trend Micro customers. The company confirmed that the suspect was a Trend Micro employee who had clear criminal intent and sold the stolen information to a third-party malicious actor. This incident highlights the risk of insider threats and the importance of internal security measures to prevent such breaches.
Nature (Human/Non-human) human_actions (a) The software failure incident in the Trend Micro case was not due to non-human actions but rather due to human actions. A rogue employee at Trend Micro sold customer data to a third party, leading to the exposure of personal information of thousands of customers [92359]. This incident was a result of a "malicious insider threat" where the employee improperly accessed the data with criminal intent [92359]. (b) The software failure incident in the Trend Micro case was due to human actions. The rogue employee at Trend Micro sold customer data to a third party, leading to the exposure of personal information of thousands of customers [92359]. This incident was a result of a "malicious insider threat" where the employee improperly accessed the data with criminal intent [92359].
Dimension (Hardware/Software) software (a) The software failure incident in Article 92359 was not directly related to hardware issues. The incident was caused by a rogue employee at Trend Micro who sold customer data to a third party, leading to customer data exposure and subsequent scam phone calls. The breach was attributed to a "malicious insider threat" rather than a hardware failure [92359]. (b) The software failure incident in Article 92359 was primarily due to contributing factors originating in software. The breach occurred when a Trend Micro employee improperly accessed the customer-support database and sold the stolen information to a third-party malicious actor. This incident highlights the vulnerability of internal systems to insider threats and the importance of robust security measures within software systems [92359].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident in this case was malicious. A rogue employee at Trend Micro intentionally accessed and sold customer data from the company's customer-support database to a third party with criminal intent. This act led to the exposure of personal information of thousands of customers, causing harm and potential risks to those affected [92359].
Intent (Poor/Accidental Decisions) poor_decisions The intent of the software failure incident described in the articles is related to poor_decisions. The incident involved a rogue Trend Micro employee who intentionally accessed and sold customer data to a third party with criminal intent. The employee's actions were deliberate and not accidental, indicating a clear malicious motive behind the breach [92359].
Capability (Incompetence/Accidental) accidental (a) The software failure incident in Article 92359 was not directly related to development incompetence but rather to a rogue employee who intentionally accessed and sold customer data from Trend Micro's customer-support database. The incident was attributed to a "malicious insider threat" where the employee had clear criminal intent [92359]. (b) The software failure incident in Article 92359 was accidental in the sense that Trend Micro's systems had not been attacked over the internet, but rather the breach was caused by an employee who improperly accessed the data with criminal intent. This accidental breach led to the exposure of customer data to a third party [92359].
Duration temporary The software failure incident reported in the articles is more aligned with a temporary failure rather than a permanent one. This incident was caused by a rogue employee at Trend Micro who sold customer data to a third party, leading to the exposure of personal information of thousands of customers [Article 92359]. The incident was a result of specific circumstances involving the actions of the insider employee, rather than a systemic issue affecting the software permanently.
Behaviour omission, value, other (a) crash: The software failure incident in the article does not involve a crash where the system loses state and stops performing its intended functions [Article 92359]. (b) omission: The incident involves a case where the system omitted to perform its intended functions at an instance(s) as an employee sold information from the customer-support database to a third party, leading to customer data exposure [Article 92359]. (c) timing: The incident does not relate to a timing failure where the system performs its intended functions correctly but too late or too early [Article 92359]. (d) value: The software failure incident is related to a value failure where the system performed its intended functions incorrectly by exposing customer data due to the actions of a rogue employee [Article 92359]. (e) byzantine: The incident does not exhibit a byzantine failure where the system behaves erroneously with inconsistent responses and interactions [Article 92359]. (f) other: The behavior of the software failure incident in the article can be categorized as a security breach caused by a malicious insider threat, leading to the exposure of customer data [Article 92359].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident involving a rogue employee at Trend Micro resulted in the exposure of personal data of thousands of customers. The employee sold information from the customer-support database, including names and phone numbers, to a third party. This breach led to customers receiving scam phone calls from individuals posing as Trend Micro staff. Trend Micro confirmed that approximately 70,000 out of its 12 million customers were affected by this data exposure [92359].
Domain finance (a) The software failure incident reported in the articles is related to the cyber-security industry. Trend Micro, a cyber-security company, experienced a data breach where a rogue employee exposed customer data from its customer-support database [92359]. Trend Micro provides cyber-security and anti-virus tools to consumers, businesses, and organizations globally. (h) The incident also has implications for the finance industry. The article mentions a UK ruling that suggests companies can be held responsible if their staff leak data, citing a case involving a supermarket chain where an internal auditor stole data, including salary and bank details of staff [92359]. (m) The incident does not directly relate to any other industry mentioned in the options provided.
