June 03, Colombo (LNW): Authorities at the National Water Supply and Drainage Board (NWSDB) have confirmed that a recent cyber intrusion targeting their SMS communication system has not resulted in any loss or compromise of sensitive customer data.
The incident, which unfolded on Sunday, involved an unauthorised attempt to access the Board’s web-based systems, leading to a temporary disruption in its SMS services.
According to Additional General Manager Pradeep Herath, whilst the infiltration allowed the unidentified perpetrator to send out around 10,000 deceptive text messages to customers’ mobile phones, internal systems containing user data remained secure.
The attacker reportedly issued messages urging recipients to make payments in exchange for access to their own information—a tactic reminiscent of common phishing or ransomware schemes, though no payment platform was engaged.
The Board acted swiftly to regain control of the SMS platform, cutting off the unauthorised access and restoring normal operations within hours. Affected customers were subsequently notified about the fraudulent nature of the messages, with reassurances that no action was required on their part.
The organisation has since launched a specialised programme to enhance the security infrastructure surrounding its digital platforms.
This breach has raised broader concerns over the vulnerability of state-run digital infrastructure. In response, the Sri Lanka Computer Emergency Readiness Team (SLCERT) has announced plans to implement round-the-clock monitoring mechanisms for public sector websites.
Charuka Damunupola, a senior cybersecurity analyst at SLCERT, noted that weaknesses in existing security protocols may have contributed to the success of the intrusion. He stressed the urgent need for robust preventative measures across all government-managed web platforms.
