Last weekend, users of the mobile network Lyca started to experience difficulties using the network, especially when trying to log in to their user accounts to top-up their credit.
Following these events, Lyca Mobile UK have issued a statement in which they have admitted to have been subject to a cyber attack
Global impact
LycaMobile operate in over 40 countries across the globe, the statement released by LycaMobileUK says that all of Lyca mobiles markets were affected with the exception of the USA, Australia, Ukraine, and Tunisia.
In the UK, Lyca Mobile doesn’t operate it’s own network infrastructure, but utilises the infrastructure owned by EE.
Updated statement
A second statement from the company Date Protection Officer was released on the 6th October, and gives further insight into the attack and that some personal data has been compromised.
At present, the company is unsure as to how much personal data has been compromised, but they list the types of data they hold, which includes:
- Identification information: (name, address, date of birth, alternative contact number and/or email address.)
- Verification data: (Proof of address, copies of passports, identity cards or similar information)
- Passwords
- Customer service interactions: Phone calls, texts, emails
- Credit card data: Last four digits of your credit card number and its expiration date.
The company also state that they hold full customer credit card numbers, which are encrypted for additional security and that they consider the risk of any access to be very low. The company states that they do not hold the 3 digit CVV code in any form.
The updated statement also informs customers that they system they use to generate PAC codes has also been affected, and as such they are unable to generate any PAC codes to allow customers to port numbers to other providers.
