{"id":4449,"date":"2025-04-08T19:13:59","date_gmt":"2025-04-08T13:43:59","guid":{"rendered":"https:\/\/ceylondailynews.lk\/home\/?p=4449"},"modified":"2025-04-08T19:31:26","modified_gmt":"2025-04-08T14:01:26","slug":"cargills-data-leak","status":"publish","type":"post","link":"https:\/\/ceylondailynews.lk\/home\/2025\/04\/08\/cargills-data-leak\/","title":{"rendered":"Colombo Court Orders to Block Access Over Cargills Data Leak"},"content":{"rendered":"
\n

Massive data leak at Cargills Bank sparks court order to block websites\u2014find out what was exposed.<\/strong><\/em><\/h4>\n
\n

Colombo Court Orders TRCSL<\/a> to Block Websites Sharing Cargills Bank Data: A Wake-Up Call for Cybersecurity in Sri Lanka<\/strong><\/h1>\n

 <\/p>\n

What Happened?<\/strong><\/h3>\n

In a dramatic move that underscores the gravity of Sri Lanka\u2019s biggest ever data breach, the Colombo Chief Magistrate\u2019s Court has ordered the Telecommunications Regulatory Commission of Sri Lanka (TRCSL<\/a>) to block access to all websites and social media platforms sharing illegally obtained data from Cargills Bank PLC. The decision followed a petition filed by the bank after a reported breach exposed over 1.9 terabytes of sensitive customer and staff data<\/strong>.<\/p>\n

Who Filed the Petition and Why?<\/strong><\/h3>\n

The legal complaint was filed on April 4, 2025, by attorneys representing Cargills Bank under Section 24 of the Online Safety Act No. 9 of 2024. The case\u2014No. 43022\/1\/25\u2014targets all local Internet Service Providers (ISPs) and TRCSL. Cargills is seeking to prevent the continued online spread of its leaked internal documents and customer data.<\/p>\n

\n

The Cargills Bank Data Breach Incident<\/strong><\/h2>\n

Timeline of Events<\/strong><\/h3>\n
    \n
  • \n

    March 20<\/strong> \u2013 Reports emerge of a cyberattack on Cargills Bank.<\/p>\n<\/li>\n

  • \n

    March 21 & 25<\/strong> \u2013 Bank confirms unauthorized access but offers vague details.<\/p>\n<\/li>\n

  • \n

    April 2<\/strong> \u2013 Official confirmation of the breach\u2019s authenticity.<\/p>\n<\/li>\n

  • \n

    April 4<\/strong> \u2013 Cargills files a court case and gets a blocking order.<\/p>\n<\/li>\n<\/ul>\n

    What Was Leaked?<\/strong><\/h3>\n

    The hackers reportedly dumped over 1.9TB<\/strong> of data online\u2014totaling more than 1.1 million files<\/strong>. The leaked information includes:<\/p>\n

      \n
    • \n

      NIC and passport photos<\/p>\n<\/li>\n

    • \n

      Specimen signatures<\/p>\n<\/li>\n

    • \n

      CRIB reports<\/p>\n<\/li>\n

    • \n

      Internal audit reports<\/p>\n<\/li>\n

    • \n

      Private employee records<\/p>\n<\/li>\n

    • \n

      Interview evaluations<\/p>\n<\/li>\n<\/ul>\n

      Hunters International \u2013 Who Are They?<\/strong><\/h3>\n

      The cybercriminal group Hunters International<\/strong>, known for ransomware attacks, is suspected to be behind the breach. Reports suggest they infiltrated the bank\u2019s systems but did not immediately encrypt the data\u2014leaving it wide open for mass theft and exposure.<\/p>\n

      \n

      The Court\u2019s Intervention<\/strong><\/h2>\n

      Legal Action Under the Online Safety Act<\/strong><\/h3>\n

      The petition was filed under Section 24 of the Online Safety Act<\/strong>, which allows courts to issue orders against platforms involved in the spread of illegal or harmful online content.<\/p>\n

      Who Are the Respondents?<\/strong><\/h3>\n

      Respondents include TRCSL<\/strong> and all Sri Lankan ISPs<\/strong>. The order is aimed at disrupting the spread of hacked content and preventing further reputational and operational damage to the bank.<\/p>\n

      What the Court Ordered<\/strong><\/h3>\n

      All relevant websites, including social media accounts sharing the data, must be immediately blocked<\/strong>. The case has been scheduled for review on April 21<\/strong>.<\/p>\n

      \n

      The Impact on Customers<\/strong><\/h2>\n

      Sensitive Customer Info Exposed<\/strong><\/h3>\n

      Thousands of customers had their NICs, phone numbers, addresses, and financial records exposed. Some videos even showed individuals reading out private data aloud.<\/p>\n

      Risks of Identity Theft and Scams<\/strong><\/h3>\n

      This data dump is a goldmine for scammers. With so many personal details floating around, customers face risks of identity theft, forgery, and financial fraud<\/strong>.<\/p>\n

      Bank\u2019s Response and Reassurance<\/strong><\/h3>\n

      Cargills claims it\u2019s working with global cybersecurity experts<\/strong>, isolating affected systems, and enhancing security protocols. It insists core banking services remain unaffected<\/strong>.<\/p>\n

      \n

      Cybersecurity Failures at Cargills Bank<\/strong><\/h2>\n

      Unpatched Systems and Audit Warnings<\/strong><\/h3>\n

      Leaked internal audits from 2023\u20132024 paint a bleak picture. Despite repeated warnings, key issues like unpatched firewalls<\/strong>, missing security logs, and poor disaster recovery planning went unaddressed.<\/p>\n

      Lapses in Firewall and Access Control<\/strong><\/h3>\n

      Since 2022<\/strong>, no formal firewall access reviews were done. Some systems even lacked basic password protection<\/strong>.<\/p>\n

      Mismanagement of Sensitive Data<\/strong><\/h3>\n

      Audit reports flagged multiple instances of unencrypted storage<\/strong>, inconsistent patching<\/strong>, and unregulated USB access<\/strong>. One audit even noted a 26-day backup failure<\/strong> on critical servers.<\/p>\n

      \n

      Sri Lanka\u2019s Cybersecurity Landscape<\/strong><\/h2>\n

      A Pattern of Breaches<\/strong><\/h3>\n

      This isn\u2019t the first. In 2023, PayHere\u2014a payment gateway\u2014suffered a massive breach, exposing 65GB of data. But Cargills’ breach overshadows it entirely in volume and severity.<\/p>\n

      Where\u2019s the Personal Data Protection?<\/strong><\/h3>\n

      Although the Personal Data Protection Act (PDPA)<\/strong> was passed in 2022, enforcement has lagged. It was supposed to be in full force by March 2025\u2014but little has changed on the ground.<\/p>\n

      Why Regulation Alone Isn\u2019t Enough<\/strong><\/h3>\n

      Laws mean nothing without implementation. What\u2019s needed is cyber accountability<\/strong>, public transparency<\/strong>, and real-time enforcement<\/strong>.<\/p>\n

      \n

      Public Response and Backlash<\/strong><\/h2>\n

      Journalists and Digital Activists Speak Out<\/strong><\/h3>\n

      Digital rights activists criticized the bank’s silence. Many accused Cargills of hiding the true scale<\/strong> of the incident.<\/p>\n

      Social Media Storms and Silence from Cargills<\/strong><\/h3>\n

      It took one viral tweet from user @dinidu to bring public awareness. The bank\u2019s initial reaction? Three generic posts with no details.<\/p>\n

      \u201cGedara Yana Gaman\u201d Attitude<\/strong><\/h3>\n

      Critics say Cargills\u2019 response reflects a culture of brushing issues under the rug until public outrage forces action.<\/p>\n

      \n

      Consequences for the Banking Sector<\/strong><\/h2>\n

      Eroding Public Trust in Banks<\/strong><\/h3>\n

      If a major player like Cargills can be so easily breached and fail to inform stakeholders<\/strong>, what about smaller banks?<\/p>\n

      What This Means for Financial Digitalization<\/strong><\/h3>\n

      Sri Lanka\u2019s push for digital finance now faces a hurdle\u2014public trust<\/strong>. No one will embrace digital services without strong data protections.<\/p>\n

      \n

      The Role of TRCSL and ISPs<\/strong><\/h2>\n

      Enforcing Online Safety Act<\/strong><\/h3>\n

      This is a test of TRCSL\u2019s power. Can it effectively block<\/strong> access to leaked data across all platforms?<\/p>\n

      Censorship vs. Data Transparency<\/strong><\/h3>\n

      While stopping harmful content is essential, total censorship<\/strong> can suppress important discussions about accountability.<\/p>\n

      \n

      Lessons Learned and the Way Forward<\/strong><\/h2>\n

      Investing in Real Cybersecurity<\/strong><\/h3>\n

      Banks and public institutions must move beyond compliance checklists and truly invest<\/strong> in cyber resilience.<\/p>\n

      The Importance of Transparency<\/strong><\/h3>\n

      Hiding breaches only makes things worse. Openness builds trust. Silence, meanwhile, fuels speculation and fear.<\/p>\n

      Empowering the Public with Information<\/strong><\/h3>\n

      Customers deserve to know what happened to their data\u2014and how to protect themselves in the aftermath.<\/p>\n

      \n

      <\/h2>\n

      The Cargills Bank data breach is more than just a cyberattack\u2014it\u2019s a wake-up call for the entire nation<\/strong>. It exposes gaps not only in technical defenses but also in transparency, accountability, and public communication<\/strong>. As the legal system steps in to control the narrative, one question remains: How much personal data needs to be violated before we take digital safety seriously?<\/strong><\/p>\n

      FAQs<\/strong><\/h2>\n

      1. What is the Online Safety Act of 2024?<\/strong><\/h3>\n

      It\u2019s a Sri Lankan law designed to combat harmful online content, including data leaks, hate speech, and misinformation.<\/p>\n

      2. How can I check if my data was breached?<\/strong><\/h3>\n

      There\u2019s no official site yet, but if you bank with Cargills, contact customer service and monitor your financial activity closely.<\/p>\n

      3. What steps should affected customers take?<\/strong><\/h3>\n

      Update your banking passwords, freeze your credit if necessary, and report any suspicious activity to the authorities.<\/p>\n

      4. Why is this breach significant for Sri Lanka?<\/strong><\/h3>\n

      It\u2019s the largest known data breach in Sri Lanka\u2019s history\u2014affecting both financial and personal data on a massive scale.<\/p>\n

      5. Can TRCSL block international websites?<\/strong><\/h3>\n

      TRCSL can block access within Sri Lanka, but international sites can only be restricted with cooperation from foreign hosts and platforms.<\/p>\n","protected":false},"excerpt":{"rendered":"

      Massive data leak at Cargills Bank sparks court order to block websites\u2014find out what was exposed. Colombo Court Orders TRCSL to Block Websites Sharing Cargills Bank Data: A Wake-Up Call… <\/p>\n","protected":false},"author":1,"featured_media":4455,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"yes","rop_publish_now_accounts":{"twitter_205606689_205606689":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[3,16,13],"tags":[4302,4303,4313,4306,4305,4315,4312,4310,4316,4307,4314,4311,4309,4308,4304],"class_list":["post-4449","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-local","category-local-home","category-main-story","tag-cargills-bank-data-breach","tag-colombo-court-order","tag-cyber-risk-management","tag-cybersecurity-breach","tag-data-leak-sri-lanka","tag-data-privacy-sri-lanka","tag-digital-finance-security","tag-hunters-international","tag-it-security-overhaul","tag-online-safety-act","tag-online-safety-compliance","tag-personal-data-protection","tag-ransomware-attack","tag-sensitive-data-exposure","tag-trcsl-block-websites"],"_links":{"self":[{"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/posts\/4449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/comments?post=4449"}],"version-history":[{"count":2,"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/posts\/4449\/revisions"}],"predecessor-version":[{"id":4453,"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/posts\/4449\/revisions\/4453"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/media\/4455"}],"wp:attachment":[{"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/media?parent=4449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/categories?post=4449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ceylondailynews.lk\/home\/wp-json\/wp\/v2\/tags?post=4449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}