Over the past few days, mobile users, particularly Nepal Telecom subscribers, have been receiving repeated SMS messages urging them to join royalist protests. Sent using IDs such as “AT Alert” and “SI Alert,” the messages have triggered widespread concern on social media over how mobile numbers were accessed without consent.

By Tuesday, an estimated six million messages had been circulated. Sent in the name of Nirdesh Sedhai, the texts called for the abolition of provinces and the establishment of a “sanatani great monarchy in Nepal” with a directly elected prime minister, suggesting an organised campaign using bulk SMS gateways.

Journalist Devaki Bista wrote on Facebook that she had been receiving the messages for the past two to three days from an unknown sender. Objecting to the unauthorised use of her number, she reported the matter to the Nepal Police, calling the act illegal and condemnable.

The mass messaging has raised broader questions about citizens’ privacy and data security, particularly on the source of the mobile numbers used. Rajan Koirala, sales and marketing manager at Akash SMS, a bulk messaging service provider, said the “AT Alert” sender ID belonged to his company. He said Akash SMS had signed an agreement about 15 days ago with an organisation named Vedvyas Enterprises Private Limited to send messages.

According to Koirala, Sedhai owns the Vedvyas Enterprises. He said the firm had previously used Akash SMS to send business promotional messages, which is why the client was trusted. After the controversial messages were sent, Akash SMS tried to contact the client but has so far been unable to reach him. The messages were delivered through Nepal Telecom’s network.

Koirala said the account was blocked only after around five to six million messages had already been sent. Attempts to contact Sedhai on his mobile phone were unsuccessful.

Akash SMS has between 12,000 and 15,000 clients and does not have a system to monitor or filter all content in real-time, Koirala said. “We are value-added service providers for Nepal Telecom and Ncell,” he said.

Nepal Telecom, in a statement issued on Tuesday, denied providing customers’ personal mobile numbers or any other details. It said value-added service systems taken for commercial purposes had been misused to send political messages. The state-owned operator reiterated that it does not share subscribers’ personal data and said it remains committed to protecting customer privacy.

The regulator, the Nepal Telecommunications Authority, said it is investigating the incident and trying to identify the originator of the messages. An authority official said it would not be possible to send such a large volume of messages using randomly generated numbers, raising suspicions of a data breach or theft.

Authority spokesperson Min Prasad Aryal said the regulator has sought clarification from Nepal Telecom.

Advocate Baburam Aryal said the case centres on data misuse and the source of the collected numbers. He said the incident clearly violates the Privacy Act, the Advertisement Regulation Act and the Telecommunications Act.

The Privacy Act 2018 states that personal information collected for one purpose cannot be used for another. It lists telephone numbers and email addresses as personal information and prohibits their use without consent. The Advertisement Regulation Act 2019 also bars sending promotional messages via SMS or email without the recipient’s approval.