Lyca Mobile Data Breach

Cybercriminals have compromised the personal details of Lyca Mobile customers


What happened in the Lyca Mobile data breach?

Customers of Lyca Mobile may have had their personal information exposed following a cyberattack. The breach happened after hackers broke into the mobile operators’ systems. While not confirmed, it is thought this might have been a ransomware attack.  

Lyca Mobile has not said how many customers were affected by the incident, but thousands of people could be at risk following the breach.  

According to Lyca, the compromised data may include:  

According to Tech Crunch, Lyca declined to comment on what type of encryption it uses when asked. In addition, it is not yet known if the criminals accessed/stole the company’s encryption keys.



Victims of the Lyca Mobile data breach could be at risk

Take immediate steps to protect yourself!

After the Lyca data breach, the mobile operator has advised affected customers to:

Worryingly, while Lyca Mobile first became aware of this data breach on 30 September 2023, it took until mid-October to start informing affected customers.  By not letting customers know immediately, Lyca Mobile left them at a very high risk of further cyberattacks, fraud and identity theft.   

Victims of data breaches often become the target of cybercriminals and similar privacy violations have resulted in fraud, blackmail, and identity theft. As such, Lyca Mobile customers are at high risk of being targeted by cybercriminals and should take immediate steps to protect themselves.

Our data protection experts have provided some guidance on how to do this.

Lyca Mobile data breach timeline

  • 30 September 2023.
    Lyca Mobile became aware that had experienced a security breach.
  • Mid-October 2023.
    Lyca Mobile began notifying customers about the breach.

Your questions answered

FAQs about the Lyca Mobile data breach

Lyca Mobile, which operates on EE’s network, discovered that it had experienced a data breach. The security violation happened after unauthorised individuals gained access to it systems and personal customer data was compromised in a cyberattack.    

The list of potentially compromised data includes customer: 

      • Identification information (e.g., name, address, date of birth, copies of passports & ID cards) 
      • Contact information (e.g., contact number, email address, proof of address)  
      • Password (for MyAccount with Lyca Mobile)  
      • Customer service interactions (Lyca holds a random selection of these records for up to 60 days)  
      • Financial data (the last four digits of credit card number, expiration date, full encrypted credit card number for users of Lyca online account). 

In a notification to customers, Lyca Mobile said: 

Following investigations carried out as a result of disruption to our network, it has become clear that Lyca Mobile UK Limited has been the victim of a systems cyber attack. We are working around the clock to ensure that the impact to our customers is minimised.  

Lyca Mobile first became aware of this on 30 September and took immediate action to contain the incident, which included isolating and shutting down systems where appropriate. We also instructed leading security and other experts to help us investigate and minimise any impact on your data including the period during which we recover our systems. We have also notified and are in discussions with all of the relevant regulatory authorities.  

It will take some time to fully complete our investigations and carefully restore all of our systems, but it is now clear to us that the attackers have accessed at least some of the personal information held in our systems. We now believe this includes at least some customer data.” 

If your details were put at risk, Lyca Mobile should write to you to let you know. 

Anyone who thinks they might be involved should take immediate steps to protect themselves.