Introduction
U.K.-based mobile virtual network provider giant Lyca Mobile has confirmed a cyberattack that caused service disruption for millions of its customers. The incident, which appears to have been a third-party incident involving a vendor or partner, resulted in interrupted services and potential breaches of customer data.
Background on Lyca Mobile
Lyca Mobile claims to be the world’s largest international mobile virtual network operator (MVNO), piggybacking off EE’s extensive infrastructure. The company confirmed the security incident this week through a statement, detailing the disruptions caused over the weekend.
Impact of the Cyberattack
The attack affected customers unable to top up their balances via Lyca Mobile’s website, app, or in-store options. Service disruptions also impacted national and international calls across all regions except the United States, Australia, Ukraine, and Tunisia.
Investigation and Personal Data Compromise
Lyca Mobile is currently investigating whether personal information was compromised during the incident. The company emphasized that its records are fully encrypted, though it has not yet released findings or collaborated with experts to confirm any breaches.
Response from Lyca Mobile
Company spokesperson Cara Whitehouse declined to comment on the nature of the cyberattack but stated: “We are confident that all our records are fully encrypted, and we will keep customers updated on the outcome of our investigation as we work with our expert partners to establish the facts.”
Lyca declined to name the third-party incident responders it was working with or answer further questions about the breach. The company also mentioned that affected customers were made aware via SMS text messages.
Additional Concerns
The company has taken steps to restore services and is actively working to address the issue. A spokesperson added: “We are committed to ensuring a swift resolution and have already implemented immediate measures to mitigate any disruptions.”
Legal and Operational Impact
Lyca Mobile’s Information Commissioner’s Office (ICO) has been informed about the incident, but it did not receive a formal breach report from the company. The ICO is typically responsible for safeguarding personal data in the U.K., so this oversight could raise questions about Lyca Mobile’s cybersecurity practices.
Technical Details and Suspected Incidents
Lyca Mobile confirmed another suspected security incident through TechCrunch, which appeared to target its content management system. This led to a partial offline recovery of the account on September 16, according to the article.
Background on Carly Page
Carly Page is a Senior Reporter at TechCrunch with over a decade of experience in journalism and tech. She has covered major companies like Google, Microsoft, and Fitbit, making her well-positioned to provide insights into this incident.
Related Cybersecurity Articles
TechCrunch has also published similar cybersecurity-related articles covering topics such as Microsoft’s new lawsuit against operators of crypto mixing services used by North Korea and ransomware gangs, Chinese hackers targeting U.S. infrastructure, and the role of AI in enhancing cybersecurity defenses.
Conclusion
Lyca Mobile’s cyberattack has caused significant disruption to its customers and exposed potential vulnerabilities in its operations. The company is currently working to address the issue and restore service availability, while investigations into data breaches continue. TechCrunch’s coverage highlights the importance of robust cybersecurity measures for MVNOs like Lyca Mobile.