14 DAY TRIAL // IT security giant Symantec has notified authorities in the U.K., the U.S. and Puerto Rico that the credit card information of around 200 of its customers might have been compromised. The company has started an investigation at one of its outsourced call centers in India, after BBC reporters successfully acquired valid banking information of three of its UK customers, from the black market.
The BBC has recently released the results of a journalistic investigation into identity theft and the underground market where financial information is being traded. A team of reporters have traveled to India on a tip and met with someone who offered to sell them credit card details at $10 a piece.
After buying credit card information belonging to 50 UK citizens, the reporters discovered that three of them purchased Symantec software over the phone, from a call center in India, only hours apart of each other.
Cris Paden, a Symantec representative, notes that the investigation launched by the company pointed to a single call center worker, who was temporarily placed on administrative leave. There is currently no evidence that the information of more customers has been compromised, but since that agent handled around 200 individual transactions, the AV vendor is taking precautions.
According to the spokesman, Symantec has notified officials in Maine, Maryland, Massachusetts, North Carolina, New Hampshire, New Jersey, New York and Virginia. In a letter to the New Hampshire Attorney General, Kelly A. Ayotte, the company writes that, "We do not believe that a 'security breach,' as defined in N.H. Rev. Stal. § 359-C:19(I), has occurred for which notice is required; nevertheless, […] we intend to send written notification to one (1) resident of New Hampshire who potentially may be affected by this incident out of an abundance of caution."
As a precaution, Symantec is also offering its customers that might have been affected by this incident free subscriptions for one year with Debix, an identity protection service. Information on how to place their credit file under monitoring is also provided.
"Protecting personal information is very important to Symantec. We are reviewing our security processes and third party vendor protocols and evaluating additional safeguards to the extent that they are warranted," the company adds. According to Mr. Paden, the details of the compromised credit cards were not misused until they have been canceled and replacements have been issued by the banks.