Your cookie preferences

We use cookies and similar technologies. You can use the settings below to accept all cookies (which we recommend to give you the best experience) or to enable specific categories of cookies as explained below. Find out more by reading our Cookie Policy.

Select cookie preferences

Skip to main content

Lyca Mobile reveals data breach resulting from cyberattack

London-based mobile operator Lyca Mobile, which operates on EE's network, has announced unauthorised individuals gained access to customer personal data by breaching their systems. 
Share this guide
'Lyca Mobile data breach reported on 30 September, with  measures taken to contain it'

The cyberattack, which occurred last week, disrupted services for millions of Lyca Mobile customers, except for those in the United States, Australia, Ukraine, and Tunisia.

In an update released on Friday, 6 October, Lyca Mobile disclosed it initially detected the breach on 30 September and promptly implemented measures to contain the situation, including isolating and shutting down compromised systems. Despite these efforts, the company confirmed that the attackers managed to access "at least some of the personal information stored in [its] system."

Although the specific types of data stolen were not specified, Lyca Mobile does collect customer information such as names, dates of birth, addresses, copies of identity documents (such as passports or identity cards), customer service interactions, and partial payment card information (the last four digits of credit card numbers). The company also indicated that customer passwords may have been compromised. 

Lyca Mobile encrypts data both in transit (between devices and networks such as the internet, within a company, or being uploaded in the cloud) and at rest (not being actively used, such as moving between devices or networks and not interacting with third parties), including passwords, but does not disclose the encryption methods used. It remains unknown whether the intruders obtained the company's encryption keys.

The number of affected customers has not been disclosed by Lyca Mobile, which claims to be the world's largest mobile virtual network operator (MVNO) with over 16 million customers globally. The company has not revealed the details of how the breach occurred or the nature of the security incident, although the confirmation of data theft suggests a possible ransomware connection.

Lyca Mobile spokesperson, Cara Whitehouse, declined to comment further than the initial statement, stating that the company is still working with forensic investigators to assess the full extent of the impact on their systems.

While much of the disruption caused by the cyberattack has been resolved, such as the ability to make national and international calls, Lyca Mobile announced on Friday that it is currently unable to provide users with port authorisation codes, which allow customers to transfer their phone numbers between cell networks. Some markets also continue to experience issues with topping up their balances online.

Lyca Mobile previously informed the UK's Information Commissioner's Office (ICO) about the incident, with ICO spokesperson Adele Burns confirming that they are assessing the information provided by Lyca Mobile.

Lyca Mobile PAC code issues

A number of customers have reported difficulty receiving a porting authorisation code (PAC) from Lyca. You would need a PAC code in order to switch to a new network but take your existing mobile number with you.

Rather than trying to contact Lyca for yours, the best approach is to text 'PAC' to 65075 for free. You should get a message back with your PAC code within two hours. This is a requirement from Ofcom that providers send you your PAC within this time frame. If you experience a significant delay or don't get a response, you can report this to the telecoms regulator directly with this online form.

What to do if you have been affected

If you have a Lyca Mobile password, as an extra precaution, Lyca has recommended that you reset it. And if you use that password for other online accounts, you should change it now. 

If you have reused the same credentials, including the same password elsewhere (for example, on unrelated websites), you may wish to consider changing those too, as a precaution.

There is also a risk you might be targeted for phishing attempts, fraud or nuisance marketing communications. Criminals may use your personal details to target you with convincing emails, texts and calls.

Be suspicious of unsolicited requests for your personal or financial details. If you receive an email which you're not sure about, treat it with caution, or if you have been a victim of fraud or cyber crime, contact your bank immediately and report this to the police. 

Lyca has also confirmed they are liaising with Ofcom.

For more information, check out our guide on how to spot a mobile phone scam.


Best smartphones 2022: top 16 mobile phones ranked | Uswitch

Choosing the best smartphone in 2022 is a challenge. That's why we've ranked our top 16 mobile phones available to buy on the market right now. Read it here.

Learn more
How to spot a mobile phone scam guide

How to spot a mobile phone scam

Don't get caught out by mobile scams, read this guide to learn more about the things you need to look out for to protect yourself

Learn more