Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Security / Data Leaks

Data Leaks

Symantec Sends Notification Letters Announcing Possible Security Breach

Following a BBC investigation of the credit card black market

By Lucian Constantin, Web News Editor

1st of April 2009, 10:28 GMT

Adjust text size:


Symantec notifies authorities of potential data breach
Enlarge picture
IT security giant Symantec has notified authorities in the U.K., the U.S. and Puerto Rico that the credit card information of around 200 of its customers might have been compromised. The company has started an investigation at one of its outsourced call centers in India, after BBC reporters successfully acquired valid banking information of three of its UK customers, from the black market.

The BBC has recently released the results of a journalistic investigation into identity theft and the underground market where financial information is being traded. A team of reporters have traveled to India on a tip and met with someone who offered to sell them credit card details at $10 a piece.

After buying credit card information belonging to 50 UK citizens, the reporters discovered that three of them purchased Symantec software over the phone, from a call center in India, only hours apart of each other.

Cris Paden, a Symantec representative, notes that the investigation launched by the company pointed to a single call center worker, who was temporarily placed on administrative leave. There is currently no evidence that the information of more customers has been compromised, but since that agent handled around 200 individual transactions, the AV vendor is taking precautions.

According to the spokesman, Symantec has notified officials in Maine, Maryland, Massachusetts, North Carolina, New Hampshire, New Jersey, New York and Virginia. In a letter to the New Hampshire Attorney General, Kelly A. Ayotte, the company writes that, "We do not believe that a 'security breach,' as defined in N.H. Rev. Stal. § 359-C:19(I), has occurred for which notice is required; nevertheless, […] we intend to send written notification to one (1) resident of New Hampshire who potentially may be affected by this incident out of an abundance of caution."

As a precaution, Symantec is also offering its customers that might have been affected by this incident free subscriptions for one year with Debix, an identity protection service. Information on how to place their credit file under monitoring is also provided.

"Protecting personal information is very important to Symantec. We are reviewing our security processes and third party vendor protocols and evaluating additional safeguards to the extent that they are warranted," the company adds. According to Mr. Paden, the details of the compromised credit cards were not misused until they have been canceled and replacements have been issued by the banks.

TAGS:

 Symantec | notification letter | data breach | BBC investigation | credit card information
Read by 8,910 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
NOT RATED 0 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


$10 Million Stolen by Notorious Israeli hacker

Thousands of Credit Card Details Cached in Google

BBC Buys Compromised Credit Card Details from India

First Malware for ATMs Discovered

Heartland and RBS WorldPay No Longer PCI Compliant

New Payment Processor Data Breach on the Horizon

RBS WorldPay Security Breach Earns Fraudsters $9 Million

User opinions:


Comment #1 by: Les Rosen on 18 May 2009, 07:18 GMT reply to this comment

Many job applicants in the US may not realize it, but when you fill out a job application you may be sending your personal data including date of birth and/or social security number offshore beyond U.S. privacy laws. How? There are some background screening firms that routinely send their data to India or other destinations for processing, including calling past employers and schools. The information sent could well be the basis for identity theft. The recent sting operation by the BBC shown aboe demonstrtes that confidential data can be purchased from Indian call centers for as little as $10 each.

Of course, identity theft can happen in the US, but at least here there are resources and recourses. Try calling the Mumbai or Bangalore police and filing a complaint. Nor does it help if the foreign call center is owned by a US firm. The same issues still apply.


The best advice for US job seekers; Do NOT consent to a background check if the employment screening firm used by your prospective employer does not guarantee that they do all of their work in the USA.

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive