Lyca Mobile, a London-based mobile operator functioning under the EE network, recently intimated its security breach. Personal customer data was leaked due to a cyberattack initiated by unauthorized individuals.
Customers across the world apart from Australia, Tunisia, Ukraine, and the United States of America, were adversely affected by the cyberattack as the internal system experienced major disruptions. The cyberattack is stated to have commenced in the first week of October.
According to recent reports, the authorities responsible initially detected disruption on September 30th. The Lyca Mobile team reacted promptly by segregating and shutting down the impacted systems. However, these measures did offer immediate relief as hackers were able to gain access to personal customer data held within the system.
The company failed to disclose and confirm the nature of the data breach. However, it is estimated that personal customer information such as names, residential addresses, date of birth, copies of identification documents, etc. have been compromised. Moreover, it is being deduced that critical data concerning credit card credentials have also been leaked.
The company also disclosed that subscriber password details may also have been breached. Lyca Mobile claimed that it ensures data encryption of both at-rest and in-transit along with passwords. However, the operator’s preferred method for data encryption along with details on company encryption keys being compromised was not revealed.
According to records, Lyca Mobile caters to more than 16 million subscribers around the world, making it one of the largest Mobile Virtual Network Operators (MVNO). Catering to a large target audience, the company has not officially intimated the exact number of customers that have been affected. The nature of the attack is yet to be communicated. However, the indications of the attack being connected with ransomware have been confirmed.
When approached, the spokesperson of Lyca Mobile, Ms. Cara Whitehouse refrained from making any comments. An ongoing forensic investigation compelled her not to address the public at large.
The cyberattack was responsible for creating disruptions while initiating domestic and international calls. Consequently, these limitations have presently been addressed and resolved by the Lyca Mobile team. However, no updates regarding Port Authorization Codes [PAC] that are required to switch carrier services, have been made available to the public.
Lyca Mobile has collaborated with the U.K.’s Information Commissioner’s Office to find relevant solutions.