Symantec leaks credit card data

Send to a friend Print
Samantha Rose Hunt27 March 2009, 1:20 PM

Did you buy or renew software over the phone from Symantec? Check your statements carefully -- your credit card details may have been leaked by a rogue staffer.


Symantec Corporation claims the credit card information of three of its customers in the United Kingdom could have potentially been leaked to reporters working undercover by a worker at the vendor’s India call center location. This follows claims from reporters at the BBC that names, addresses, and credit card account details of UK residents had been purchased from a man residing in Delhi, India.

All three individuals who had their data compromised had purchased software from Symantec via telephone transaction.

A spokesman for Symantec’s India stated that the company has begun focusing its investigation on an employee which works for e4e Inc. a contractor for Symantec. Currently phone calls and other information have been turned over to police in India for further investigation.

Symantec had plans to discontinue the relationship they had with e4e at the end of the month for "commercial reasons", however they also stopped routing sales inquiries and other calls there as soon as the situation was brought to light. Previously Symantec had no security issues with the call center contractor, said spokesperson.

As soon as the BBC reported the data leak, Symantec instantly did an internal check and instantly alerted cybercrime police in India.

e4e claims that they do not feel that their company had anything to do with the data leak which the BBC reported. The company claims that they are among many other call center contractors in India to which Symantec has outsourced work.

Post your comment



Comments

 RSS feed Email alert

John Franks (New user):

Most companies enjoy “security” insofar as they haven’t been targeted, or had an employee make a human error with catastrophic exposure. Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture – absent new eCulture, breaches will, and continue to, increase. As CIO, I’m constantly seeking things that work, in hopes that good ideas make their way back to me - check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: www.businessforum.com/DScott_02.html -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome – or propagate one.

28 March 2009, 12:51 AM (11 months ago)report abuse Send to a friend reply

The Big Baboo (User):

Aha I knew it :) I wouldn't trust Symantec as far as I could throw them.
A few years back my subscription with them had run out,so rather than walking down to the shop and buying the latest copy I decided to renew on-line. Imagine my consternation when the download stopped about 3/4 of the way through !!! I restarted and successfully downloaded but then Symantec decided I had two copies of their software on my PC. After much twoing and thro'ing I had to delete both copies (?)Send them a notarised statement and then decide if I wanted Norton's anymore. Needless to say,I gave them the old heave-ho and decided to use another product. At the moment I am running Bit-Defender which is absolutely free,up-dates itself just about every fifteen minutes and all I have to do is apply for a new registration number at the end of the year. Norton's You Can Take A Running Jump :)

30 March 2009, 8:09 AM (11 months ago)report abuse Send to a friend reply

Not signed in
anonymous user Anonymous user


Tags