Cyber attack : Pension Dept issues clarification

May 28, 2025 at 6:21 PM

The Department of Pensions has confirmed that a recent cyberattack targeting its IT infrastructure has not resulted in data loss or a disruption to services, stating that system functions have since been restored, based on current observations.

In an official statement, Director General Chaminda Hettiarachchi assured that the department’s operations remain unaffected and that the implementation of pension revisions announced in the 2025 Budget continues without interruption.

The department noted that it immediately alerted the Sri Lanka Computer Emergency Readiness Team (SLCERT) upon detecting the incident, prompting a swift investigation and the initiation of measures to strengthen cybersecurity defenses. Additional steps have been taken to secure sensitive data handled by the department, the statement said.

While SLCERT continues to investigate the incident, the Department of Pensions said it will notify its service recipients accordingly.

Cybersecurity monitoring platform FalconFeeds.io has attributed the attack to the Cloak ransomware group, a known cybercriminal outfit that typically encrypts sensitive data and demands ransom payments for its release or non-disclosure.

Cybersecurity experts called for urgent action, pointing out that FalconFeeds.io had earlier flagged a data breach involving Cargills Bank in March 2025. (Newswire)