March 23, 2009, 11:14 AM — Symantec said on Monday that credit card information relating to three of its customers may have been leaked from its call center contractor in India.
The company has narrowed down on one employee of the contractor as a possible suspect, and has turned over the information including recorded call data to the police for investigation, a spokesman for Symantec India said on Monday.
The call center, e4e India, however denies any theft of data from its operations.
Reporters from the British Broadcasting Corporation (BBC) posing as fraudsters claimed last week in a BBC report that they bought names, addresses and valid credit card details of persons from the UK from a man they identified as Saurabh Sachar in Delhi.
Three of the persons whose details were provided to the undercover reporters had bought software from Symantec by giving their credit card details to a call center over the phone, BBC said.
Symantec discontinued routing of online sales and other calls to the service provider, as soon as the matter came to its attention, the spokesman said.
Symantec was planning to discontinue its relationship with e4e by the end of this month for commercial reasons, but has decided to expedite the transition in view of the suspicion of information theft from the call center, the spokesman said. It didn't have any problems previously with the call center, he added.
E4e however said that there was no evidence whatsoever linking its operations to the data leakage at Symantec alleged by the BBC report. The company is just one of many call centers in India to which Symantec outsources work, said Narasingarao Dataram, president of e4e India, on Monday.
On hearing of the BBC report that data from Symantec customers may have been compromised, e4e did an internal check, and also alerted the cyber-crime police, only out of due diligence, and not because it believed that the data had been leaked from the its operations, Dataram said.
