fbpx
0151 459 5850
Keller Postman Logo

Lyca Mobile Data Breach

Cybercriminals have compromised the personal details of Lyca Mobile customers

Register with Keller Postman UK to find out what happened, and whether you can claim compensation.

START YOUR NO-WIN, NO-FEE LYCA MOBILE CLAIM

Have you been affected by the Lyca Mobile data breach?

Customers of Lyca Mobile may have had their personal information exposed following a cyberattack. The breach happened after hackers broke into the mobile operators’ systems. While not confirmed, it is thought this might have been a ransomware attack.  

Lyca Mobile has not said how many customers were affected by the incident, but thousands of people could be at risk following the breach.  

According to Lyca, the compromised data may include:  

  • Identification information (e.g., name, address, date of birth, copies of passports & ID cards)
  • Contact information (e.g., contact number, email address, proof of address)
  • Password (for MyAccount with Lyca Mobile)
  • Customer service interactions (Lyca holds a random selection of these records for up to 60 days)
  • Financial data (the last four digits of credit card number, expiration date, full encrypted credit card number for users of Lyca online account).

According to Tech Crunch, Lyca declined to comment on what type of encryption it uses when asked. In addition, it is not yet known if the criminals accessed/stole the company’s encryption keys.

Keller Postman UK has launched an investigation to find out what happened and how this breach affects Lyca Mobile customers. We believe that failures to adopt standard security measures may have made this attack easier.  

If you are a Lyca Mobile customer, you live in England or Wales, and you have been told that your data was accessed in this breach, register below to join our no-win, no-fee group action.  

START YOUR NO-WIN, NO-FEE LYCA MOBILE CLAIM

Victims of the Lyca Mobile data breach could be at risk

Take immediate steps to protect yourself!

After the Lyca data breach, the mobile operator has advised affected customers to:

  • Change their Lyca password if they have one
  • Reset any other online accounts that use the same password
  • Stay vigilant to protect against suspicious activity (e.g., phishing attempts, fraud or nuisance marketing communications). This includes:
  • Being suspicious of unsolicited requests for personal or financial details
  • Treating unexpected emails with caution
  • Contact their bank and the police if they become the victim of fraud or cyber crime
  • Contact Lyca mobile at cs@lycamobile.co.uk if they have any questions about this breach and how it affects them directly.

Worryingly, while Lyca Mobile first became aware of this data breach on 30 September 2023, it took until mid-October to start informing affected customers.  By not letting customers know immediately, Lyca Mobile left them at a very high risk of further cyberattacks, fraud and identity theft.   

Victims of data breaches often become the target of cybercriminals and similar privacy violations have resulted in fraud, blackmail, and identity theft. As such, Lyca Mobile customers are at high risk of being targeted by cybercriminals and should take immediate steps to protect themselves.

Our data protection experts have provided some guidance on how to do this.

GET OUR GUIDE TO STAYING SAFE AFTER A DATA BREACH

We may be able to claim compensation for any distress or financial losses experienced because of this breach and we urge anyone affected to register with us.   

REGISTER TO FIND OUT MORE ABOUT THE LYCA MOBILE GROUP ACTION. 

Talk to our expert data breach lawyers today on 0151 459 5850 

START YOUR NO-WIN, NO-FEE LYCA MOBILE CLAIM

Lyca Mobile data breach timeline

  • 30 September 2023.
    Lyca Mobile became aware that had experienced a security breach.
  • Mid-October 2023.
    Lyca Mobile began notifying customers about the breach.

Latest news

Your questions answered

FAQs about the Lyca Mobile data breach

Lyca Mobile, which operates on EE’s network, discovered that it had experienced a data breach. The security violation happened after unauthorised individuals gained access to it systems and personal customer data was compromised in a cyberattack.    

The list of potentially compromised data includes customer: 

      • Identification information (e.g., name, address, date of birth, copies of passports & ID cards) 
      • Contact information (e.g., contact number, email address, proof of address)  
      • Password (for MyAccount with Lyca Mobile)  
      • Customer service interactions (Lyca holds a random selection of these records for up to 60 days)  
      • Financial data (the last four digits of credit card number, expiration date, full encrypted credit card number for users of Lyca online account). 

In a notification to customers, Lyca Mobile said: 

Following investigations carried out as a result of disruption to our network, it has become clear that Lyca Mobile UK Limited has been the victim of a systems cyber attack. We are working around the clock to ensure that the impact to our customers is minimised.  

Lyca Mobile first became aware of this on 30 September and took immediate action to contain the incident, which included isolating and shutting down systems where appropriate. We also instructed leading security and other experts to help us investigate and minimise any impact on your data including the period during which we recover our systems. We have also notified and are in discussions with all of the relevant regulatory authorities.  

It will take some time to fully complete our investigations and carefully restore all of our systems, but it is now clear to us that the attackers have accessed at least some of the personal information held in our systems. We now believe this includes at least some customer data.” 

If your details were put at risk, Lyca Mobile should write to you to let you know. 

Anyone who thinks they might be involved should take immediate steps to protect themselves.  Find out how to do this here 

If you live in England or Wales and you are involved in this breach, you may be able to join our no-win, no-fee compensation claim. There are no costs to register and no obligation to proceed.  

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant, or multi-party actions. 

If we do launch a group action, there are no costs to join a claim. However, if your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. At Keller Postman UK, our success fee is competitive, and we make sure you are fully informed about any potential costs before you officially join our action. If you lose, you won’t have to pay a penny. 

START A NO-WIN, NO-FEE CLAIM TODAY

START YOUR NO-WIN, NO-FEE LYCA MOBILE CLAIM

Recent awards, shortlistings, and listings

Keller Postman UK has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.

Previous
Next
Read more about our success and recognition
CONTACT US
USEFUL LINKS
START A CLAIM

Keller Postman UK is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.  

FOLLOW US
Facebook Linkedin

Disclaimer | Privacy Policy | Cookies |  Complaints | Equality & Diversity