Protecting Your Personal Information in Sri Lanka

In the digital age, protecting personal information has become paramount. 

The April 2022 cybersecurity incident involving PayHere, a Sri Lankan online payment gateway, is a stark reminder of this necessity. 

This breach not only disrupted services but also compromised sensitive data. 

Such incidents highlight the need for individuals and organizations to adopt stringent cybersecurity measures. 

This article provides detailed insights into avoiding personal information leaks through third parties and steps to take if your data is compromised in Sri Lanka.

Understanding the Risks

Third-party services, from payment processors to social media platforms, often handle significant personal data. 

However, the convenience of these services comes with potential security risks, as seen in the PayHere incident, where attackers exploited a vulnerability during the merchant onboarding process. 

Recognizing these risks is the first step in protecting yourself.

How to Avoid Data Leaks

1. Vet Third-party Services Thoroughly

  • Research: Research the company’s reputation before using its service. Look for reviews about their security practices and past data breaches.
  • Transparency: Choose companies that are transparent about their security practices and data handling procedures.

2. Use Strong, Unique Passwords

  • Password Managers: Use a reputable password manager to generate and store complex passwords. Unique passwords for each service ensure that a breach in one doesn’t compromise

3. Enable Two-factor Authentication (2FA)

  • Extra Security Layer: Always activate 2FA where available. This requires not just a password and username but also something only the user has on them, such as a physical token or a mobile phone application, providing an additional layer of security.

4. Monitor Your Accounts Regularly

  • Alerts and Statements: Regularly check your statements and set up alerts for unauthorized transactions. Early detection can minimize damage.

5. Educate Yourself on Phishing Attacks

  • Awareness Training: Be vigilant about phishing tactics. Never click on unsolicited links or attachments. Verify the authenticity of requests for personal information.

Steps to Take if Your Data is Compromised

1. Act Immediately

  • Change Passwords: Change your passwords immediately. If similar passwords have been used elsewhere, change those as well.
  • Contact Affected Services: Notify the services where your information has been compromised. They may have additional steps to secure your account.

2. Monitor Your Financial Accounts

  • Fraud Alerts: Place fraud alerts on your credit reports. Monitor your financial accounts for unusual activity.

3. Report the Incident

  • National Authorities: Report the breach to local authorities. In Sri Lanka, contact the Cyber Crime Investigation Division of the Sri Lanka Police.
  • CERT: Report to the Sri Lanka CERT (Computer Emergency Readiness Team), which can guide you on further actions and help mitigate the risks.

4. Stay Informed

  • Security Updates: Follow the updates from the affected service to learn what measures they are taking and how they affect you.

5. Legal Recourse

  • Consult a Lawyer: If the breach has significant repercussions, consult a lawyer to understand your legal options. If the service provider was negligent, you might be entitled to compensation.


While third parties can significantly enhance functionality and efficiency, their use comes with potential cybersecurity risks. 

By implementing robust security measures and maintaining vigilance, individuals can protect themselves against data breaches. 

In case of a data compromise, immediate and informed action is crucial to mitigate damage. 

As digital landscapes evolve, so should our approaches to securing personal information.

