Lyca Mobile has announced that it has experienced a data breach. The security violation happened after unauthorised individuals gained access to it systems and personal customer data was compromised in a cyberattack.
A statement from Lyca confirms that:
- The attackers accessed at least some of the personal information held in Lyca’s systems. This includes at least some customer data
- Lyca customers should be vigilant in case of any suspicious activity.
The main types of personal information held by Lyca include:
- Identification information (e.g., name, address, date of birth, copies of passports & ID cards)
- Contact information (e.g., contact number, email address, proof of address)
- Password (for MyAccount with Lyca Mobile)
- Customer service interactions (Lyca holds a random selection of these records for up to 60 days)
- Financial data (the last four digits of credit card number, expiration date, full encrypted credit card number for users of Lyca online account).
According to Tech Crunch, Lyca declined to comment on what type of encryption it uses when asked. In addition, it is not yet known if the criminals accessed/stole the company’s encryption keys.
Lyca Mobile has not said how many customers were affected by the incident and not every victim of this breach will have the same level of data accessed.
Lyca Mobile first became aware of this data breach on 30 September but took until mid-October to start informing affected customers. This delay has left these customers unnecessarily exposed to further criminal activity.
After the Lyca data breach, the mobile operator has advised affected customers to:
- Change their Lyca password if they have one
- Reset any other online accounts that use the same password
- Stay vigilant to protect against suspicious activity (e.g., phishing attempts, fraud or nuisance marketing communications). This includes:
- Being suspicious of unsolicited requests for personal or financial details
- Treating unexpected emails with caution
- Contact their bank and the police if they become the victim of fraud or cyber crime
- Contact Lyca mobile at cs@lycamobile.co.uk if they have any questions about this breach and how it affects them directly.
Keller Postman UK is currently investigating this breach and we are considering launching a no-win-no-fee group action to help victims living in England & Wales claim compensation. To register your interest in joining this action, sign up below.
