Cyber Incident Victim: Lycamobile

On September 24, 2023, Lyca Mobile, a global mobile virtual network operator serving over 15 million customers across 60 countries, experienced a cyberattack that disrupted critical services. The company first detected operational issues over the weekend following the attack, which prevented customers and retailers from processing prepaid top-ups through official channels. The incident also impaired national and international calling capabilities in most of its markets. Service disruptions were widespread but did not affect Lyca Mobile’s operations in the United States, Australia, Ukraine, or Tunisia. The company promptly initiated an internal investigation and engaged third-party technical experts to assess the breach’s scope and origin. It concurrently notified relevant regulatory bodies and law enforcement agencies in all impacted jurisdictions. While service restoration efforts began immediately, Lyca Mobile withheld specific technical details about the attack vector or perpetrator.

Lyca Mobile prioritized determining whether customer data was compromised, emphasizing that all records were fully encrypted but acknowledging the possibility of unauthorized access. The investigation focused on verifying the integrity of personal information while maintaining communication with cybersecurity partners and authorities. By October 1, 2023, the company had restored core services across all affected markets, though residual operational challenges persisted in certain areas. No evidence confirming data exfiltration or theft had been disclosed publicly at the time of reporting. The incident underscored the operational vulnerabilities inherent to MVNOs reliant on leased network infrastructure, though Lyca Mobile’s containment response demonstrated coordinated engagement with external experts and regulators throughout the recovery phase.