A threat actor has allegedly breached the Sri Lanka Ministry of Finance, placing a vast trove of sensitive data and high-level system access up for sale on a dark web forum. The Ministry of Finance is a critical government institution in Sri Lanka, responsible for managing the nation’s public finances, economic policies, and financial regulations. The alleged breach could have severe implications for the country’s national security and the privacy of its government employees. The actor claims the data was exfiltrated in 2025 and is offering proof of access to serious buyers.
The data for sale allegedly contains highly sensitive personal and professional information belonging to thousands of government officials and employees. The threat actor is also selling what they describe as “FULL RDP and SSH Root Access to Core Servers” for a price of $4,000 in Bitcoin, which would grant a buyer complete control over the ministry’s core digital infrastructure. The listed data allegedly includes:
- Full Names, Government ID Numbers
- Home Addresses and Work Addresses
- Personal Phone numbers and Work Email Addresses
- Mobile and Landline Phone Numbers
- Plain Text Passwords
- Salary Grades and Department Information
