Ransomware victim disclosure
← All victimsBank of Ceylon (UK) Ltd
listed as Bankofceylon.co.uk · Claimed by Cloak · listed 3 years ago
Status timeline
- ListedDec 1, 2023
- Data leakeddate unknown
At a glance
- Group
- Cloak
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Financial Services
- Listed on leak site
- Dec 1, 2023
About the victim
AI dossier — public-source company profileBank of Ceylon (UK) Ltd is a fully authorised and regulated UK bank (PRA/FCA), operating since 1949 as a subsidiary of Sri Lanka's largest bank, Bank of Ceylon. Based in the City of London, it specialises in money remittance to Sri Lanka, trade finance, wholesale and correspondent banking, deposits, and commercial/buy-to-let lending, serving both individual and institutional customers.
- Industry
- Retail & Wholesale Banking (UK-Sri Lanka Corridor)
- Address
- No 1 Devonshire Square, London EC2M 4WD, United Kingdom
- Founded
- 1949
Attack summary
Severity: critical — The victim is a PRA/FCA-regulated bank holding regulated financial and personal data for customers across the UK-Sri Lanka corridor. Data has been published (not merely announced), confirming exfiltration of what is almost certainly regulated financial PII at scale from a licensed deposit-taking institution, meeting the critical threshold.The Cloak ransomware group claims to have attacked Bank of Ceylon (UK) Ltd and has published data (disclosed status: data_published), indicating exfiltration of data from a regulated UK financial institution; no ransom amount or data volume has been stated.
Data the group says was taken
AI dossier — extracted from the leak post- Customer financial records
- Personal identification information
- Banking transaction data
- Trade finance documentation
- Loan and mortgage records
- Correspondent banking data
- Internal business communications
What the group claims
Country: United Kingdom
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

