PENSIONS DEPARTMENT HIT BY RANSOMWARE ATTACK; NO DATA LOSS REPORTED

PENSIONS+DEPARTMENT+HIT+BY+RANSOMWARE+ATTACK%3B+NO+DATA+LOSS+REPORTED

The Department of Pensions has issued a statement regarding a ransomware attack on its information technology systems during the first week of April.

The statement clarified that while the Pensions Department had implemented technical solutions for online service delivery through its pension management system since around 2016, and had cybersecurity measures in place, an immediate investigation was launched via the Sri Lanka Computer Emergency Readiness Team (SLCERT) as soon as the incident was reported.

The department's statement confirmed that efforts to restore the online information systems are already underway, ensuring that no operations were disrupted due to this cyber-attack.

Furthermore, current observations indicate that no data was corrupted or lost during the attack when the department's information systems were reactivated.

Currently, the payment of pension benefits and other departmental services remains unaffected.

There are also no technical impediments to implementing the pension amendments proposed in the budget.

The statement further outlined the immediate steps taken by the department to restore information systems and enhance the security of data and information systems following the cyber-attack:

Upon identifying the incident, an immediate investigation was launched in coordination with SL CERT, and information regarding the cyber-attack has been uncovered.

Measures have been taken to further enhance existing cybersecurity provisions in collaboration with SL CERT and the Pensions Department's contracted cybersecurity service provider.

Data systems containing sensitive pensioner information have been secured under a proactive threat identification mechanism. SL CERT's 24/7 investigation unit will continuously monitor these data systems for any potential risks.

An investigation into the exposure of pensioner information to external parties is being conducted through SL CERT. Based on the results of this investigation, steps will be taken to prevent any prejudice to the department's clients, and clients will be informed accordingly.