In a small update, the Information Commissioner’s Office (ICO) has confirmed to ISPreview that their investigation into the September 2023 cyberattack and data breach of mobile network operator Lyca Mobile (here) is still “ongoing“. But the ICO declined to answer why it was taking so long to reach a conclusion.
The original attack, which disrupted Lyca Mobile’s systems and connectivity services across the UK for a period of time, also resulted in hackers being able to access “at least some of the personal information held in our systems“. Back in early October 2023, Lyca said it would “take some time to fully complete our investigations,” although no further public updates appear to have been issued.
The last time we asked the ICO about their investigation was in March 2024, at which point a spokesperson for the organisation said: “Lycamobile (UK) Ltd made us aware of an incident and our enquiries are ongoing.” By comparison the latest update from Rashana Sweidan Vigerstaff, the ICO’s Senior Communications Officer, simply confirmed that the “investigation is ongoing, therefore we will not be able to provide any further comment.”
Advertisement
The hope is that, one of these days, the ICO may actually be able to reveal more information about what happened, which could present another headache for Lyca given their ongoing multi-million dispute with the HMRC over the VAT treatment of customer “bundles” (here). Not to mention issues with the auditing of their accounts (here) and the recent announcement of significant UK job losses (here). The ICO often imposes fines on companies for major breaches of personal customer data.
Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your entries for comment content, display name, IP and email in our database, for as long as the post remains live.
Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.