Lyca Mobile blames cyberattack for network disruption

U.K.-based mobile virtual network provider giant Lyca Mobile has confirmed a cyberattack that caused service disruption for millions of its customers.

Lyca Mobile claims to be the world’s largest international mobile virtual network operator, or MVNO, which piggybacks off network operator EE's infrastructure. Lyca confirmed in a statement this week that the security incident prevented customers from topping up their balances via its website, app or in stores over the weekend, and also disrupted some national and international calls.

These issues affected all Lyca Mobile markets, except for the United States, Australia, Ukraine and Tunisia, according to the company’s brief statement, adding that the company is "urgently investigating" if personal information was compromised during the cyberattack.

“We are confident that all our records are fully encrypted, and we will keep customers updated on the outcome of our investigation as we work with our expert partners to establish the facts,” the company's statement says.

When reached for comment, Lyca Mobile spokesperson Cara Whitehouse declined to comment on the nature of the cyberattack, but said that the company's "focus is on getting all of our operational services back up and running." Lyca declined to name the third-party incident responders it said it was working with to investigate the incident, or answer questions about the encryption it uses.

Lyca Mobile added that it has restored mobile telecommunication services in all of its markets but said some unspecified operational services are still being restored.

Adele Burns, a spokesperson for the U.K.'s Information Commissioner's Office, told TechCrunch that the data protection watchdog had not received a breach report from Lyca Mobile. Companies typically have to notify the ICO within 72 hours of discovering a data breach.

At the time of publication, Lyca's statement on its website includes “noindex” code, which tells search engines to ignore the web page, making it more difficult for affected customers to find the statement in search engine results. Lyca did not dispute this, but did not say why it had hidden the statement from its website.

While reporting this cyberattack, TechCrunch discovered a second suspected security incident impacting Lyca Mobile involving a publicly accessible content management system containing press releases, including Lyca's statement announcing the cyberattack. TechCrunch notified Lyca of the publicly accessible system prior to publication.

Whitehouse, Lyca's spokesperson, said the system is "a test environment used by vendors and partners." Shortly after publication, the content management system went offline.