Members of Parliament on the Committee of Commissions, Statutory Authorities and State Enterprises (Cosase) have advised the National Water and Sewerage Corporation (NWSC) to sue staff who were dismissed for hacking into 17 servers wiping out all financial records in 2022.
The committee learnt that as a result, the Auditor General was unable to audit the corporation’s financial reports for the 2021/2022 financial year.
Legislators said it was insufficient to simply lay off staff whose conduct was both illegal and a threat to NWSC’s investments.
“These people acted illegally; why do you give them a simple slap? There is evidence pinning them and let the legal process take its course,” said the Committee Chairperson, Hon. Joel Ssenyonyi.
Ssenyonyi said this while chairing the meeting with officials from NWSC over the audit queries in the Auditor General’s Report for the Financial Year 2021/2022 on Tuesday, 04 April 2023.
MPs learnt that NWSC conducted an internal investigation on the hacked Information, Communication and Technology (ICT) system and the report faulted three of its staff.
Two of them have had their contracts terminated and the third transferred to another department.
Legislators observed that the corporation handled the matter lightly saying there should be stringent measures to deter any re-occurrence.
“Do you want lawsuits from your own workers? There is a case of unfair dismissal against UGAFODE by its former staff who were terminated for similar reasons,” said Hon. Richard Sebamala (DP, Bukoto Central).
The committee learnt that it cost NWSC Shs180 million and two months to reconstruct its critical databases such as the financial system.
Their failure to take to court such a matter according to Kazo County MP, Hon. Dan Atwijukire, leaves one wondering what the Corporation was afraid of.
“You may find that they are afraid to go to court because they fear to lose the case and pay heavily for the lawsuit,” said Atwijukire.
MPs also said the transfer of one suspected staff to another department was unwise saying there was no guarantee that he or she would not repeat the attack.
NWSC Managing Director, Silver Mugisha said the corporation has opted to take disciplinary action on suspects, strengthen its ICT systems and limit access as opposed to seeking court redress.
“In addition to taking disciplinary action on those suspected to have hacked into the servers, we have strengthened our ICT governance systems and we have shifted our critical systems to cloud hosting system,” said Mugisha.