Lyca Mobile, a UK-based mobile virtual network operator (MVNO) functioning on EE's network infrastructure, has confirmed a cyberattack that led to unauthorized access to customers' personal data. 

It reportedly impacted millions of its users globally, except those in the United States, Australia, Ukraine, and Tunisia. The breach was first discovered on September 30, prompting Lyca Mobile to take swift action, including the isolation and shutdown of affected systems. 

The company has since engaged security experts to investigate the incident and mitigate potential data exposures.

(Photo : VIN JD from Pixabay)

Lyca Mobile's Recent Update

In its official statement, Lyca Mobile emphasized its dedication to minimizing customer impact and assured ongoing efforts to restore affected systems securely. 

Regulatory authorities have been notified, and the company is closely coordinating with them. As a precautionary measure, Lyca Mobile advised affected customers to remain vigilant for any suspicious activity and take additional steps to safeguard their information. 

That includes resetting Lyca Mobile passwords, especially if used across multiple online accounts, and being cautious of unsolicited communications requesting personal or financial details.

The breach encompasses various categories of personal data retained by Lyca Mobile, ranging from identification information, such as names, addresses, and contact details, to interactions with customer service, which may have been recorded for up to 60 days. 

Additionally, customers using online accounts with Lyca Mobile may have stored passwords. Regarding credit card information, Lyca Mobile keeps the last four digits and expiration date, with the full number encrypted for enhanced security. The company does not retain the 3-digit CVV code in any form.

The incident has also impacted Lyca Mobile's number porting functionality, temporarily inhibiting the issuance of PAC codes. The company said it is working to rectify this issue and fully restore all services.

Read Also: Clorox Product Shortage May Last for Months Due to Cyber Criminals-Here's Everything You Need to Know

Lyca Mobile Expressed Regret

Lyca Mobile has expressed regret for any inconvenience caused by the breach and assures customers that measures are in place to protect their data in the future. While efforts are underway to bring systems back online, the company is proceeding with caution to prevent any potential further complications.

Lyca Mobile also said it is communicating with regulatory authorities, including the Information Commissioner's Office (ICO) and Ofcom, as part of its commitment to transparency and compliance in handling this incident. Customers are encouraged to exercise prudence and promptly report any suspicious activity related to the breach.

"Be suspicious of unsolicited requests for your personal or financial details. If you receive an e-mail which you're not sure about, treat it with caution, or if you have been a victim of fraud or cyber crime, contact your bank immediately and you should report this to the police," the company said in the statement.

"The security of your personal information is very important to us and as our investigation progresses, we will consider whether we need to take any further steps to help protect that information. While we hope to bring all of our systems back online as soon as possible, we are doing so carefully to minimise any further issues," it added.

Related Article: DC Health Link Informs Congress of Sensitive Health Data Breach