Sri Lanka’s Ministry of Finance has confirmed that a cyber breach within its systems led to the diversion of USD 2.5 million from an official foreign debt repayment, raising serious concerns over institutional safeguards in the management of public funds.
The breach occurred within the External Resources Department (ERD), the Treasury unit responsible for foreign-funded payments and external debt servicing. According to officials, unauthorised access to its computer systems enabled the redirection of funds during a scheduled transaction.
The missing sum formed part of a USD 22.9 million bilateral debt repayment reportedly due to Australia. Authorities state that between December 2025 and 31 January 2026, USD 2.5 million was transferred to a fraudulent account rather than the intended recipient. Finance Ministry Secretary Harshana Suriyapperuma acknowledged that the funds were likely diverted by a third party through compromised system access.
The anomaly was detected in January 2026 during routine transaction reviews, prompting referrals to Sri Lanka’s Computer Emergency Readiness Team (SL-CERT), the Police Computer Crime Investigation Division, the Criminal Investigation Department (CID) and the Central Bank’s Financial Intelligence Unit (FIU). A multi-agency investigation is now underway.
An internal inquiry has already resulted in the suspension of several Treasury officials, while a Technical Investigation Committee was appointed in late March. The probe comes amid recent structural changes that shifted responsibility for foreign debt servicing from the Central Bank to Treasury-linked institutions, including the ERD, changes that are now under renewed scrutiny.
Despite ongoing investigations, the incident has triggered mounting calls for parliamentary oversight and an independent inquiry, with critics describing the breach as a symptom of deeper institutional failure rather than an isolated cybercrime.
Australia acknowledges payment irregularities, extends support
The Australian High Commission in Sri Lanka has confirmed that both it and Sri Lanka’s Ministry of Finance are aware of irregularities linked to payments owed to the Australian Government, in connection with the disputed transaction. In a statement shared on X, the Commission noted that Sri Lankan authorities are currently investigating the matter and are working in coordination with Australian officials, who are providing assistance to the ongoing probe. It further reiterated that Australia remains committed to supporting Sri Lanka’s efforts towards restoring debt sustainability, signalling continued bilateral engagement despite the incident.
Breach “not isolated”, minister admits
Deputy Finance Minister Anil Jayantha Fernando has stated that the breach extended beyond a single transaction, revealing that similar attempts were made to divert other foreign payments, including one linked to India.
According to Fernando, discrepancies in banking details, particularly repeated alterations to account numbers, raised suspicions during verification processes, ultimately exposing the attempted fraud. His remarks suggest systemic vulnerabilities in payment authentication procedures.
At the same time, he cautioned against what he described as “misleading” statements by opposition politicians, urging the public to rely on official communications as investigations continue.
Parliamentary watchdog cites ignored warnings
The Chairman of the Committee on Public Finance (COPF), Harsha de Silva, has framed the incident as a foreseeable failure in public financial management, pointing to prior warnings that went unheeded.
De Silva stated that concerns had already been raised when responsibility for external debt servicing was transferred away from the Central Bank. The COPF had urged the Treasury to ensure that qualified and experienced personnel were appointed to manage sovereign debt operations, warnings he says were ignored.
He has also questioned the lack of transparency surrounding the incident, noting that neither the Finance Ministry nor the Central Bank disclosed the breach despite its scale. The COPF has formally sought clarification on the timeline, execution and delayed disclosure of the transaction.
Warning of wider implications, de Silva cautioned that if payments failed to reach creditors, Sri Lanka could face a “technical default” even as it attempts to stabilise its debt position.
He further criticised the Finance Ministry for repeatedly failing to appear before parliamentary oversight sessions, describing it as an unprecedented disregard for accountability. Emphasising the Sri Lankan parliament’s constitutional authority over public finance, he called for urgent action to restore institutional credibility.
Opposition calls for independent investigation
Sri Lankan’s opposition leader Sajith Premadasa has described the diversion as a serious breach of financial security, questioning how such a transaction could proceed without adequate verification mechanisms.
He called for an independent and transparent investigation into whether safeguards across key institutions, including the Treasury and Central Bank, were bypassed.
SLPP parliamentarian Namal Rajapaksa similarly characterised the incident as a systemic failure, arguing that accountability must extend beyond junior officials to those responsible for designing and overseeing financial systems. He also raised concerns over how fraudulent instructions were able to circumvent established protocols.
Legal groups warn of conflict of interest
Sri Lanka’s Free Lawyers Organisation has rejected the credibility of the ongoing Treasury-led inquiry, arguing that it cannot be considered independent.
The group highlighted that the Technical Investigation Committee operates under senior Treasury officials who oversee the very functions under investigation, creating what it described as a structural conflict of interest.
It further argued that a transaction of this scale could not have occurred without the involvement, or at minimum, the failure, of senior officials, including the Treasury Secretary. Limiting accountability to lower-level staff, it warned, risks obscuring responsibility at the highest levels.
The organisation has called for a parliamentary-led independent mechanism to ensure transparency and public confidence.
Sinhala nationalist groups demand forensic audit
The Sinhala nationalist “Dinana Dikuna” (Winning South) collective has also called for a full forensic audit, framing the breach as a national financial security issue.
In its statement, the group alleged that warnings had been issued regarding the bank account involved prior to the transaction, raising questions over whether due diligence procedures were ignored. It also criticised the delay in public disclosure and echoed calls for an external investigation, arguing that the current probe amounts to an institution investigating itself.
Public concerns grow amid silence
Public awareness of the diversion remains limited, despite the scale of the loss, estimated at roughly LKR 800 million. In a country grappling with rising living costs and ongoing economic instability, concerns persist that such losses ultimately fall on taxpayers.
Criticism has also focused on the government’s handling of the issue. Initial communication was minimal, and subsequent statements have largely centred on rebutting opposition claims rather than providing substantive detail. Questions remain as to why the breach, dating back several months, was not disclosed earlier.
The government’s framing of the incident as a cyber intrusion has done little to quell concerns. For many, the issue extends beyond hacking to the integrity of the systems, and officials, responsible for managing public finances.
As investigations continue, the episode has come to symbolise broader anxieties over transparency, accountability and the fragility of Sri Lanka’s financial governance at a time of acute economic vulnerability.
Leave a comment