After last week’s major O2 4G mobile network outage which left millions of customers with no network data access has been blamed on an expired software certificate that 3rd party supplier Ericsson had installed for some customers at business-critical part of the network.

What Happened?

On Thursday last week, O2 smartphone users were unable to use their mobile phone data for 24 hours.  O2, which is owned Spanish communications company Telefonica, has the UK’s second-largest mobile network, which is part of BT, and as well as having 25 million users, it provides services for the Sky, Tesco, Giffgaff and Lycamobile networks (whose networks were also affected).  It is estimated, therefore, that the outage affected around 35 million users in the UK and other parts of Europe (and even Japan’s SoftBank).

As well as the considerable disruption and inconvenience caused to individual customers, there were knock-on disruptive effects for organisations that run connectivity services on O2’s network, including Transport for London (TfL), Shropshire Council and a number of NHS trusts. In the case of TfL, bus information display boards, part of the Countdown Systems network, stopped working at approximately 5 am. Shropshire Council reported problems with its car park payment machines, which use O2 data connections.

£Millions In Damages + Compensation Expected

The scope, severity and duration of O2’s data network outage, and the impact on the company’s reputation as well as on its users have led to reports that 02 looks likely to seek up to £100 million in damages from Ericsson.

Also, O2 has already made announcements about how it plans to compensate customers.  For example, Pay As You Go customers look set to get 10% extra when they top up their phone in the new year or 10% off when they buy data for mobile broadband devices.

Both O2 and Ericsson have apologised.  It has been reported that Telefonica’s UK chief executive Mark Evans has promised a full audit of the problem across both organisations, and Marielle Lindgren, chief executive of Ericsson UK and Ireland has said that the software that caused the issues will be decommissioned.

What Does This Mean For Your Business?

Modern businesses now rely heavily on stable and reliable broadband connections and data network services.  Any disruption to these can be very disruptive and costly to businesses with potentially disastrous consequences.  In this case, a whole day was lost, and the true cost to UK businesses  (and their customers) may be difficult to calculate. For O2 and Ericsson, the incident appears to have caused some damage to their reputations.

As several tech commentators have since pointed out, the incident has illustrated how complex IT infrastructure has become and how, despite this complexity, organisations must stay on top of matters relating to software certificates, particularly those in business-critical systems. This incident also illustrates how problems with machine identities at critical nodes can have a wide-reaching impact on business and the economy.

Some commentators have also highlighted how operators picking up more IoT traffic and the introduction of 5G could mean that businesses are likely to experience more outages of this nature in the future.  The incident with O2 may also make some businesses take another look at their mobile strategies, feel less comfortable putting all their communications through a mobile operator, and take steps to reduce their dependence on any single external point of failure.