News
Pensions Dept. steps up data protection after hackers’ raid
View(s):- Strictly warns pensioners not to share OTPs and sensitive information with others
By Tharushi Weerasinghe
The Pensions Department is overhauling its internal computer systems and software following the recent ransomware attack that compromised pensioner data.
A breach was first reported to the Computer Emergency Readiness Team (CERT) on April 2. While emergency protocols were activated and systems were swiftly recovered, hackers had already accessed department information. On the same day, Cloak Ransomware—a cybercrime group—posted about an unidentified victim, “pe*.lk.” on websites in the dark web. On May 26, the group revealed the full domain name and uploaded more than 617GB of data for download on its dark web portal.
News of the breach surfaced on X (formerly Twitter) when FalconFeeds.io, a threat intelligence platform for cybersecurity professionals and businesses, shared details of the listing.
“Even though we had the same firewalls and guards that every government digital system has, we were using them on much older versions of software on our devices,” Pensions Department Director General Chaminda Hettiarachchi noted.
CERT and the Computer Crimes Investigation Division are inquiring into the loopholes that exposed the system to the attack. “We will act on all advice for further improvement and have also asked the cybercrime unit of the Defence Ministry for support to build a more robust digital system and avoid incidents like this in future,” the Pensions Chief said.
He also assured that no data were missing from the department’s servers, but the leaked information is now at large. “We have not ascertained which exact files have been compromised, but we usually store addresses, names, ID copies, and bank details at the Pensions Department,” he said.
The motivaaion behind the attack remains unclear, but experts pointed out that hacker groups most likely “knock on any systems to see which is penetrable.”
“This is an eye-opener to all banks and government institutions about the risks of cyberattacks,” he warned.
“These groups usually target datasets with malware and hold the information and demand a ransom,” Charuka Damunupola, Senior Information Security Engineer at CERT, explained, adding that the Pensions Department reported the incident to CERT in time for emergency protocols to be activated. “We worked with the department’s IT team to recover the data and the systems, but the hackers had still accessed the information and were able to put the data up for sale.”
Mr. Damunupola noted that while this was limited to the dark web initially, it appeared that some of the data had since made their way to the general web.
Hackers typically encrypt the compromised files and demand a ransom for decryption. In this case, while there was no confirmed data loss, there has been a significant breach of privacy involving pensioner information.
CERT is investigating the scope of the exposure, including how much data is in circulation and which pensioners have been affected.
The primary threat now lies in scammers using the stolen information to target pensioners for identity theft or financial fraud, officials warned.
“This age group is particularly vulnerable because of low computer literacy,” Mr. Damunupola said. “There’s a real risk of online scams or unauthorised transactions being carried out using this information.”
Authorities have urged the public, especially elderly pensioners, not to share One-Time Passwords (OTPs) or other sensitive information under any circumstances.
Mr. Damunupola added that the leaked data still compromised a relatively small portion of the total storage of information at the Pensions Department, which contains about 10 TB (10,000 GB) of information on 726,000 pensioners.
On Friday, the department sent out warning texts to registered pensioners advising them against sharing OTPs or other financial information with third parties and sent out letters saying the same to the pensioners on their database.
Cloak Ransomware, which first emerged in late 2022, has been linked to more than 100 attacks globally. The group typically uses double extortion tactics, encrypting data and threatening to leak it online, and has targeted entities across healthcare, construction, IT, and public institutions. One of its most high-profile attacks was a 2025 breach of the Virginia Attorney General’s Office in the US, during which 134GB of data was stolen and systems disrupted.
The best way to say that you found the home of your dreams is by finding it on Hitad.lk. We have listings for apartments for sale or rent in Sri Lanka, no matter what locale you're looking for! Whether you live in Colombo, Galle, Kandy, Matara, Jaffna and more - we've got them all!