Tens of millions of O2 customers were stripped of internet access yesterday after the telecommunications giant’s data network collapsed.
O2, which also shares infrastructure with Tesco Mobile and GiffGaff, claimed the outage was due to a “global software issue”.
Deprived of cat memes, many irate users turned to Twitter to voice their frustration.
“Since O2 has been down I’ve had to talk to the family. Surprised to hear Mum no longer works at Woolworths”, complained Daniel Weakly.
Thankfully, The Sun stepped in to dispense some pearls of wisdom, revealing:
- GiffGaff customers will need to complain to GiffGaff.
- Lycamobile customers will need to complain to Lycamobile.
- O2 customers will need to complain to O2.
- Sky Mobile customers will need to complain to Sky Mobile.
- Tesco Mobile customers will need to complain to Tesco Mobile.
Amid the chaos, the firm’s boss, Mark Evans, tweeted his apologies to reassure users that the situation was in hand:
“I want to reassure our customers that we are doing everything we can to fix the issue with our network and say how sorry I am to everyone affected. My teams are working really hard with Ericsson to find a swift resolution. Stay updated”.
Unfortunately for O2, there may be bigger issues at hand than miffed millennials, with acknowledged international cyber security guru Alan Calder suggesting that the company could be in breach of the EU GDPR:
“This incident could potentially be an infringement of Article 32(1)(b), which requires organisations to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services”.
Moreover, while we all know that the GDPR came into effect in May 2018, so did its less popular cousin – The NIS Directive (transposed into UK law as the NIS Regulations 2018).
The Directive aims to prevent large-scale service outages by critical infrastructure operators (i.e. the walls that stand between functional society as we know it and, well, apocalypse).
Although, as a telecommunications provider, O2 is not in the NIS Regulations’ scope, it invites the question: could a strict regime of cyber resilience, as promoted by the NIS Regulations, have helped prevent this incident?
Let us know your thoughts in the comments below.