Symantec sent out the warning letters last week, after the that it managed to purchase credit card numbers obtained from Symantec's call center from a Delhi-based man named Saurabh Sachar.

The letters were sent to just over 200 customers, according to Symantec spokesman Cris Paden. Most of those notified are in the U.S., but the company also notified a handful of customers in the U.K. and Canada, Paden said via e-mail.

"We have no evidence that the credit card information of any United States resident was actually compromised," Symantec wrote in its (pdf)

It is not clear how Sachar might have obtained the card numbers, but he appears to have acted as a middleman. Symantec has linked the card numbers to another person working at a call center operated by e4e India, Paden said.

"As to whether or not that employee actually handled the information inappropriately or not remains to be investigated and confirmed by law enforcement," he said.