Apparently, the cyberattack has affected millions of customers worldwide, with the exception of individuals in the United States, Australia, Ukraine, and Tunisia. On September 30, Lyca Mobile learned of the intrusion and took immediate measures, including isolating and shutting down the vulnerable systems.
The company further confirmed that it has reported the issues to security experts, and an investigation is ongoing.
Lyca Mobile’s Update
Lyca Mobile stressed in its official statement its commitment to minimize customer damage and pledged continued efforts to securely restore affected services.
The company has informed the appropriate regulatory authorities and is working closely with them. Lyca Mobile cautioned impacted users to be on the lookout for any unusual activity and to take extra precautions to protect their information.
The measures include resetting Lyca Mobile passwords, especially in case the user is using more than one account. Also, the company has urged online users to be cautious of unsolicited emails or any form of communication that asks for personal or financial information.
"Be suspicious of unsolicited requests for your personal or financial details. If you receive an e-mail which you're not sure about, treat it with caution, or if you have been a victim of fraud or cyber crime, contact your bank immediately and you should report this to the police," the company said in the statement.
"The security of your personal information is very important to us. As our investigation progresses, we will consider whether we need to take any further steps to help protect that information. While we hope to bring all of our systems back online as soon as possible, we are doing so carefully to minimize any further issues," it added.
The data compromised in the breach include identification information, such as names, addresses, and contact details, and interactions with customer service, recorded for up to 60 days.
Also, the online accounts include information of customer’s credit card information, where Lyca Mobile records the last four digits and expiration date, with the full number encrypted for enhanced security. However, the company does not retail the 3-digit CVV code.
Additionally, the issue has disrupted the operation of Lyca Mobile’s number porting functionality, temporarily preventing PAC code issuing. The company stated that it is attempting to resolve this problem and fully restart all services.