March 30, 2009, 8:17 PM — Symantec is warning a small number of customers that their credit card numbers may have been stolen from an Indian call center used by the security vendor.
Symantec sent out the warning letters last week, after the BBC reported that it managed to purchase credit card numbers obtained from Symantec's call center from a Delhi-based man named Saurabh Sachar.
The letters were sent to just over 200 customers, according to Symantec spokesman Cris Paden. Most of those notified are in the U.S., but the company also notified a handful of customers in the U.K. and Canada, Paden said via e-mail.
"We have no evidence that the credit card information of any United States resident was actually compromised," Symantec wrote in its notification letter. (pdf)
It is not clear how Sachar might have obtained the card numbers, but he appears to have acted as a middleman. Symantec has linked the card numbers to another person working at a call center operated by e4e India, Paden said.
"As to whether or not that employee actually handled the information inappropriately or not remains to be investigated and confirmed by law enforcement," he said.
He declined to identify the employee, who has been placed on administrative leave.