Statement from Lyca Mobile

Following investigations carried out as a result of disruption to our network, it has become clear that Lyca Mobile has been the victim of a cyber attack.

We first became aware of issues over the weekend, which were preventing customers and retailers from accessing top-ups through our channels. It also impacted some national and international calling. The issues affected all Lyca Mobile markets apart from the United States, Australia, Ukraine and Tunisia.

Our focus on our customers is paramount. We are working around the clock to ensure that the impact on them is minimised.

Our number one priority is ensuring the safety and security of our customers’ data, and we are urgently investigating whether any personal information may have been compromised as part of this attack. We are confident that all our records are fully encrypted, and we will keep customers updated on the outcome of our investigation as we work with our expert partners to establish the facts.

As part of our rapid incident response, we have engaged 3rd party technical expertise to complement our internal expertise. Additionally, we are in close contact with the relevant regulatory and law enforcement authorities in each of our impacted markets, ensuring we fulfil all our obligations.

The mobile telecommunication services affected by this attack have now been restored in all of our markets. There are some operational services that are yet to be fully resolved, but we are working hard to restore all functionality across all countries as quickly as possible.

lycamobile.co.uk/en/…nt?

Notification to customers (lycamobile.co.uk)
Another statement from Lyca today.
Few key takeaway

• There was a data leak, which may include your name, address, dob, partial credit card, encrypted password, encrypted full credit card number, etc.
• Number porting is affecting, no PAC for anyone, you not leaving us until we let you.
• Change your account password, if the password is used elsewhere, change that too, even though our policy is to encrypted passwords, baddies might still have the actual password.