Back to Blog
high severity February 17, 2026 · scope unconfirmed

moa.gov.eg Listed by lockbit5 Ransomware Group

The Ministry of Agriculture and Land Reclamation is a governmental body focused on advancing agricul...

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed February 17, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On February 17, 2026, the Egyptian Ministry of Agriculture and Land Reclamation appeared on the LockBit 5 ransomware leak site with internal files listed as exfiltrated. The breach affects anyone whose personal or family information was stored in the ministry’s systems, including citizens who interacted with agricultural services, land registration, or related government programs.

Confirmed Facts from Reporting

Public reporting indicates the ministry was hit by a ransomware attack in which attackers exfiltrated internal documents before encrypting systems. The data was published on the LockBit 5 leak site on February 17, 2026. No exact victim count has been released, and the precise volume or specific categories of records remain unclear from available reporting. The ministry oversees national agriculture policy, land reclamation projects, and farmer support programs, meaning the stolen files could contain names, national identification numbers, contact details, land ownership records, or financial assistance data for ordinary Egyptian families.

Why This Matters for You and Your Family

When a government ministry that handles everyday citizen records is breached, the fallout reaches far beyond official channels. If your family has ever applied for farming subsidies, registered land, requested veterinary certificates, or used any ministry service, your information may now sit in a publicly accessible ransomware repository. Internal files often include scanned documents, spreadsheets of beneficiaries, and correspondence that contain full names, addresses, phone numbers, and government ID numbers. Once exposed, this data rarely stays contained. It moves quickly into broader criminal networks where it can be combined with other leaks to build detailed profiles of you and your relatives.

The Doxxing and Identity-Chain Implications

Ransomware groups do not always publish every file they steal, but the mere act of listing a victim signals that sensitive material is available to the highest bidder or anyone persistent enough to search dark-web forums. A single leaked government record can anchor an identity chain: an email address links to a reused password, a phone number ties to social-media accounts, and a child’s name or school detail can surface in gaming platforms. These chains turn one breach into repeated targeting. Credential leaks like this one frequently cascade into account takeovers on personal email, banking apps, and especially gaming accounts belonging to you or your children. Doxxers follow these links to publish home addresses, family photos, and contact information, increasing risks of harassment, fraud, and physical threats.

LockBit 5’s Publicly Known Track Record

Public reporting attributes the attack to LockBit 5, the latest iteration of the LockBit ransomware operation. The group first emerged around 2019 and has repeatedly rebranded after law-enforcement actions. It has claimed thousands of victims worldwide, including hospitals, schools, local governments, and private companies. Their typical playbook involves initial access through phishing, remote desktop protocol weaknesses, or stolen credentials, followed by rapid exfiltration of sensitive files. They then deploy ransomware to encrypt systems and demand payment. If unpaid, they publish samples or full datasets on their leak site and pressure victims through public shaming and private extortion. Available reporting describes LockBit as one of the most prolific ransomware families still operating despite multiple international takedown attempts.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup to remove what you can.
  • Rotate any password you used on moa.gov.eg or related Egyptian government portals anywhere else it is reused, and switch to 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your family’s data is caught in hours, not months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts, which often become entry points for doxxing chains when credential leaks occur.
  • Let remediation specialists handle takedown requests across data brokers and leak sites while you focus on securing your own accounts and educating family members.

The speed with which leaked government data spreads means ordinary families must treat every breach as personal. Acting quickly on exposed credentials and hidden identity links limits the damage before criminals turn one ministry breach into years of targeted fraud or harassment. DoxxScan by GalaxyWarden delivers that protection through continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.