Lyca Mobile Hit By Cyberattack Causing Network Disruption


In a recent statement, U.K.-based mobile virtual network provider Lyca Mobile has confirmed that a cyberattack is to blame for a network disruption that impacted millions of its customers. The company, known as the world’s largest international mobile virtual network operator, experienced a security incident that prevented customers from topping up their balances via its website, app, or in stores over the weekend, while also causing disruptions to some national and international calls. These issues affected all Lyca Mobile markets, with the exception of the United States, Australia, Ukraine, and Tunisia.

Key Takeaway

Lyca Mobile has confirmed a cyberattack that resulted in network disruption for its customers. The company is currently investigating the incident to determine if any personal information was compromised. Operational services are gradually being restored, and the company has assured its customers that their encrypted records provide protection against any potential data breaches. The company has not yet reported the attack to the ICO, and a separate security incident involving a publicly accessible CMS has also been discovered and addressed by Lyca Mobile.

The Investigation

Lyca Mobile is currently conducting an urgent investigation to determine if any personal information was compromised during the cyberattack. The company has stated that all of their records are fully encrypted, providing some assurance to their customers. They have also reassured customers that they will be kept informed of any significant developments as the investigation unfolds. Lyca Mobile has partnered with expert incident responders to assist with the investigation, although they have not disclosed the identities of these third-party organizations.

Service Restoration

Lyca Mobile has now restored mobile telecommunication services in all of its markets. However, some operational services are still in the process of being restored. The company’s spokesperson, Cara Whitehouse, emphasized that the focus right now is getting all operational services back up and running for their customers.

Data Breach Report

The U.K.’s Information Commissioner’s Office (ICO) has not yet received a breach report from Lyca Mobile. Under normal circumstances, companies are required to notify the ICO within 72 hours of discovering a data breach. It remains unclear whether or not Lyca Mobile intends to report the cyberattack to the ICO.

Securing Information

Apart from the cyberattack, another suspected security incident was discovered involving Lyca Mobile. This incident revolved around a publicly accessible content management system (CMS) containing press releases, including Lyca’s statement about the cyberattack. Lyca Mobile has referred to this CMS as a test environment used by vendors and partners. It is worth noting that shortly after the discovery was reported, the CMS went offline.

Leave a Reply

Your email address will not be published. Required fields are marked *