Ransomware victim disclosure
← All victimsDepartment of Pensions, Sri Lanka
listed as Pensions.gov.lk · Claimed by Cloak · listed 1 year ago
Status timeline
- ListedJun 27, 2025
- Data leakeddate unknown
At a glance
- Group
- Cloak
- Status
- Data leaked
- Country
- Sri Lanka
- Sector
- Public Sector
- Listed on leak site
- Jun 27, 2025
About the victim
AI dossier — public-source company profileThe Department of Pensions is a Sri Lankan government agency responsible for managing pension services for public officers, tri-forces personnel, and retirees. It operates the Pensions Management System (PMS), processes pension applications, manages death gratuities, and administers public service provident funds and government holiday resorts.
- Industry
- Public Sector - Government Pensions Administration
- Address
- Colombo, Sri Lanka
Attack summary
Severity: high — Compromise of a national government pension administration system handling sensitive personal data (PII, financial records) of public officers and pensioners at scale; critical infrastructure impact. However, no proof files or detailed data inventory from the group post limits confidence.The Cloak ransomware group claims to have compromised the Department of Pensions website (Pensions.gov.lk). The leak post excerpt is AI-generated and contains no substantive details about what data was exfiltrated, encrypted, or the scope of the breach.
Data the group says was taken
AI dossier — extracted from the leak post- Pension application records
- Public officer personal data
- Pensioner information
- Banking details
- Government employee records
Original description
AI-summarised, not from the leak postN/A
Sources
- Victim sitePensions.gov.lk
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

