moa.gov.eg Listed by lockbit5 Ransomware Group
The Ministry of Agriculture and Land Reclamation is a governmental body focused on advancing agricul...
On February 17, 2026, the Egyptian Ministry of Agriculture and Land Reclamation appeared on the LockBit 5 ransomware leak site with internal files listed as exfiltrated. The breach affects anyone whose personal or family information was stored in the ministry’s systems, including citizens who interacted with agricultural services, land registration, or related government programs.
Confirmed Facts from Reporting
Public reporting indicates the ministry was hit by a ransomware attack in which attackers exfiltrated internal documents before encrypting systems. The data was published on the LockBit 5 leak site on February 17, 2026. No exact victim count has been released, and the precise volume or specific categories of records remain unclear from available reporting. The ministry oversees national agriculture policy, land reclamation projects, and farmer support programs, meaning the stolen files could contain names, national identification numbers, contact details, land ownership records, or financial assistance data for ordinary Egyptian families.
Why This Matters for You and Your Family
When a government ministry that handles everyday citizen records is breached, the fallout reaches far beyond official channels. If your family has ever applied for farming subsidies, registered land, requested veterinary certificates, or used any ministry service, your information may now sit in a publicly accessible ransomware repository. Internal files often include scanned documents, spreadsheets of beneficiaries, and correspondence that contain full names, addresses, phone numbers, and government ID numbers. Once exposed, this data rarely stays contained. It moves quickly into broader criminal networks where it can be combined with other leaks to build detailed profiles of you and your relatives.
The Doxxing and Identity-Chain Implications
Ransomware groups do not always publish every file they steal, but the mere act of listing a victim signals that sensitive material is available to the highest bidder or anyone persistent enough to search dark-web forums. A single leaked government record can anchor an identity chain: an email address links to a reused password, a phone number ties to social-media accounts, and a child’s name or school detail can surface in gaming platforms. These chains turn one breach into repeated targeting. Credential leaks like this one frequently cascade into account takeovers on personal email, banking apps, and especially gaming accounts belonging to you or your children. Doxxers follow these links to publish home addresses, family photos, and contact information, increasing risks of harassment, fraud, and physical threats.
LockBit 5’s Publicly Known Track Record
Public reporting attributes the attack to LockBit 5, the latest iteration of the LockBit ransomware operation. The group first emerged around 2019 and has repeatedly rebranded after law-enforcement actions. It has claimed thousands of victims worldwide, including hospitals, schools, local governments, and private companies. Their typical playbook involves initial access through phishing, remote desktop protocol weaknesses, or stolen credentials, followed by rapid exfiltration of sensitive files. They then deploy ransomware to encrypt systems and demand payment. If unpaid, they publish samples or full datasets on their leak site and pressure victims through public shaming and private extortion. Available reporting describes LockBit as one of the most prolific ransomware families still operating despite multiple international takedown attempts.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup to remove what you can.
- Rotate any password you used on moa.gov.eg or related Egyptian government portals anywhere else it is reused, and switch to 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your family’s data is caught in hours, not months.
- Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts, which often become entry points for doxxing chains when credential leaks occur.
- Let remediation specialists handle takedown requests across data brokers and leak sites while you focus on securing your own accounts and educating family members.
The speed with which leaked government data spreads means ordinary families must treat every breach as personal. Acting quickly on exposed credentials and hidden identity links limits the damage before criminals turn one ministry breach into years of targeted fraud or harassment. DoxxScan by GalaxyWarden delivers that protection through continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts.
Related breaches
seprec.gob.bo Listed by krybit Ransomware Group
SEPREC (Servicio Plurinacional de Registro de Comercio / Plurinational Commercial Registry Service) …
EBNY Development Listed by thegentlemen Ransomware Group
***.com.eg Founded in 2012, EBNY Development is a pioneering real estate company focused on redefini…
CSIR Structural Engineering Research Centre Listed by thegentlemen Ransomware Group
***.res.in zoominfo.com/c/csir-structural-engineering-research-centre/372543677 CSIR-Structural Engi…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →