The official website of Sri Lanka Railways was targeted in a cyberattack on Sunday, railway authorities confirmed, with the impact limited to the train schedule system.
As a precautionary measure, officials have temporarily disabled the affected timetable section of the website while technical teams work to repair the damage and restore normal service. The remainder of the website remains unaffected, authorities said, and engineers are working to bring the schedule system back online as soon as possible.
No further details about the perpetrators, scope or method of the attack have been released. Sri Lanka Railways did not say whether passenger data or ticketing systems were touched, or whether the Sri Lanka Computer Emergency Readiness Team (SLCERT) had been formally engaged on the incident.
The disruption comes weeks after a similar incident at a Sri Lankan ministry, when the Public Administration Ministry website was breached and data was advertised for sale online, prompting an active CID investigation. Government cybersecurity exposure has emerged as a recurring policy concern in 2026, with SLCERT this month warning of large-scale financial-fraud and impersonation campaigns ahead of Vesak and Poson.
The railway operator’s timetable platform is the primary online reference passengers use to plan intercity and commuter services, and authorities urged users to seek schedule information through station offices or telephone enquiries until the system is restored. Sri Lanka Railways is in the middle of a multi-billion-rupee modernisation programme that includes an ADB-backed Rs. 2.1 billion upgrade of Fort Railway Station and a planned shift to electric commuter services, much of which depends on networked operational systems.
Update — June 15: Website restored, timetable still offline
Sri Lanka Railways announced on Monday morning that the Department’s official website is back online following the Sunday-night cyberattack, but said the timetable section remains offline. The Department added that no train schedules have been revised so far. Engineers continue to work on restoring the schedule system, the operator said.
Sources: Sri Lanka Railways website’s train schedule system hit by cyberattack — Ada Derana, June 14; Sri Lanka Railways website hit by cyberattack — Newswire, June 14; Sri Lanka Railways Official Website Back Online — NewsFirst, June 15.
