Symantec sent out the warning letters last week, after the BBC reported that it managed to purchase credit card numbers obtained from Symantec's call centre from a Delhi-based man named Saurabh Sachar.
The letters were sent to just over 200 customers, according to Symantec spokesman Cris Paden. Most of those notified are in the US, but the company also notified a handful of customers in the UK and Canada.
"We have no evidence that the credit card information of any United States resident was actually compromised," Symantec wrote in its notification letter. (pdf)
It is not clear how Sachar might have obtained the card numbers, but he appears to have acted as a middleman. Symantec has linked the card numbers to another person working at a call centre operated by e4e India, Paden said.
"As to whether or not that employee actually handled the information inappropriately or not remains to be investigated and confirmed by law enforcement," he said.
He declined to identify the employee, who has been placed on administrative leave.