Sri Lanka is managing the fallout of a cyberattack that resulted in nearly USD 2.5 million (approximately Rs. 800 million) in Treasury funds being fraudulently diverted during a foreign debt repayment to Australia. Multiple investigations are now underway across law enforcement, the Central Bank, and the Treasury.
The diverted sum formed part of a larger bilateral payment to Australia totalling USD 22.9 million, with settlement due by end-September 2025. The USD 2.5 million was processed between December 2025 and 31 January 2026 but did not reach the Australian government.
How the Breach Occurred
The Ministry of Finance, Planning and Economic Development has confirmed that cyber hackers breached the systems of its External Resources Department, intercepting email communications linked to the government-to-government debt repayment. By altering payment details within those communications, the attackers redirected the funds to third-party bank accounts. Despite the Sri Lankan government processing the payment in accordance with its established procedures, the funds did not reach the intended creditor.
The breach was identified in connection with a foreign currency transaction in January 2026. The Ministry subsequently notified the Sri Lanka Computer Emergency Readiness Team (SL-CERT), the Police Computer Crime Investigation Division, the Criminal Investigation Department (CID), and the Financial Intelligence Unit of the Central Bank of Sri Lanka. The Australian High Commission in Colombo has since confirmed that Sri Lankan authorities are investigating the matter in coordination with Australian officials, who are providing assistance to the probe. Australia has also reaffirmed its commitment to supporting Sri Lanka’s path toward debt sustainability.
Institutional Response
The Treasury has appointed a Technical Investigation Committee to examine the incident, co-chaired by Deputy Secretaries to the Treasury A.N. Hapugala and S.S. Mudalige. Additional members include National Planning Department Director General K.T.I. Premaratne, Legal Affairs Department Additional Director General A.K.D.D. Arandara, and Information Technology Management Department Assistant Director E.D. Shirantha. The committee has been specifically tasked with probing the risk of fraudulent payment instructions received via email and directed to submit its report at the earliest.
The Ministry confirmed that a preliminary internal inquiry has been conducted and disciplinary action initiated against several officials. Cabinet Spokesperson and Minister Dr. Nalinda Jayatissa confirmed that two Deputy Directors, two Directors, and the Head of the Computer Division of the Treasury have been suspended in connection with the matter. He added that a letter has been submitted to Speaker Dr. Jagath Wickramaratne requesting a parliamentary probe, and that Parliament will determine whether to initiate one.
Calls for Independent Oversight
The Free Lawyers Organisation, in a letter to the Speaker signed by its Chairman Maithri Gunaratne, has formally called for a parliamentary investigation. The letter raises the point that transactions of this scale would ordinarily require authorisation at senior Treasury level, including the Deputy Secretary and Secretary to the Treasury, and calls for accountability to be examined accordingly. It further notes that as the current internal investigation is being conducted within the Treasury itself, an independent external body would be better placed to ensure impartiality.
Opposition Leader Sajith Premadasa has similarly called for a transparent and independent investigation to establish how the funds were misdirected and whether due processes were observed across all institutions involved, including the Finance Ministry, Treasury, Central Bank, State Debt Management Office, and Department of Foreign Resources.
Opposition MP Namal Rajapaksa has described the incident as highlighting a gap in verification controls for high-value external transactions, and has raised questions about whether existing protocols were adequate. He also drew attention to the transfer of foreign debt repayment responsibilities from the Central Bank to the External Resources Department and the Public Debt Management Office under the new Finance Act, questioning whether that transition was accompanied by sufficiently robust procedural safeguards.
Next Steps
The Ministry has assured full cooperation with all ongoing investigations and indicated that further updates will be issued at an appropriate time so as not to compromise the process. It has also confirmed that future arrangements will be made in line with existing bilateral agreements with Australia.
As investigations continue across law enforcement and parliamentary channels, the incident has brought renewed focus to the importance of cybersecurity resilience and verification frameworks within institutions responsible for managing high-value cross-border financial transactions.