Sri Lanka Flags Major Cybersecurity Lapse After USD 2.5 Million Treasury Funds Go Missing

Sri Lanka’s Finance Ministry is attempting to recover USD 2.5 million after a suspected cyber hacking incident compromised its payment system, a senior official confirmed on Thursday, underscoring growing concerns over the vulnerability of even key government financial infrastructure.

Finance Ministry Secretary Harshana Suriyapperuma said the breach was detected after early warning signs of attempted intrusion into the External Resources Department’s digital systems through email-based attacks. Officials believe cybercriminals exploited weaknesses in the payment workflow to redirect funds intended for a foreign creditor.

“In January 2026, we came to know that cyber criminals were trying to enter the system. Once alerted, we coordinated with relevant foreign counterparts to ensure that payments were not further misdirected and that additional harm was prevented,” Suriyapperuma told reporters. The ministry has since appointed a high-level investigative committee to determine how the breach occurred and how the funds were diverted.

The incident came to light amid political controversy, after opposition lawyers alleged that part of a USD 22.9 million sovereign payment , due in September 2025, had been compromised. According to the allegations, USD 2.5 million transferred between December 2025 and January 31, 2026 , was routed not to the intended creditor but to an account controlled by hackers.

Opposition members have urged the Speaker of Parliament to initiate a formal inquiry, arguing that public funds fall under parliamentary oversight and demand full accountability. The matter has also been raised before the Parliamentary Committee on Public Accounts (COPA).

In a related development, the Australian High Commission in Colombo confirmed awareness of irregularities involving payments linked to the Australian government. It said it is working with Sri Lankan authorities, who are currently investigating the cyber breach and its financial impact.

The episode has sparked wider concern over the cybersecurity readiness of government financial systems , with officials acknowledging that even high-level treasury operations remain exposed to sophisticated digital attacks. The breach highlights how vulnerabilities in email systems and payment authentication processes can potentially expose state funds to diversion. Authorities say efforts are underway not only to trace and recover the missing funds but also to strengthen digital safeguards to prevent similar incidents in the future.