The "consultants" gave no indication of how call-center workers were sneaking the data out, but security vendor Sophos' NakedSecurity newsletter noted they could be doing anything from writing it down on scraps of paper to downloading it en mass onto USB flash drives, MP3 players or other small portable devices.
Indian government sources said enforcement agencies try to investigate reports of corruption, but are hindered by the reluctance of any of the call-center companies to admit their employees had been stealing information belonging to the customers of clients.
Call centers are a $5 billion-per-year business in India, employing about 330,000 workers.
Despite the tiresome reflex of some U.S. law-enforcement agencies to blame every act of cybercrime on Anonymous or nameless "hackers," there is no firm evidence that any of corrupt Indian workers stealing data to supply identity thieves are members of any Western hacktivist movements.
If they're writing the data down on paper, what they're doing might not even be considered cybercrime. Just plain old "crime," which is the way it should be prosecuted in the first place.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.