COLOMBO, Sri Lanka: Cyber criminals hacked into the computer system of Sri Lanka’s finance ministry and siphoned off $2.5 million, the government said on Thursday, marking the largest known cyber theft from a state institution in the country.
The stolen funds were intended as a debt repayment to Australia, Finance Ministry Secretary Harshana Suriyapperuma told reporters in Colombo.
Authorities detected the breach after an attempt was made to access the ministry’s email server.
Subsequent investigations revealed that a $2.5 million payment owed to Australia had disappeared.
“Criminal investigators are looking into this and we are not in a position to give further details,” Suriyapperuma said, adding that Sri Lanka was seeking assistance from foreign law enforcement agencies.
Officials suspended, probe underway
Four senior officers at the Public Debt Management Office (PDMO) were suspended following the breach, Suriyapperuma said.
The Ministry of Finance, Planning and Economic Development said complaints had been lodged with multiple law enforcement bodies, including the Criminal Investigation Department and the Financial Intelligence Unit of the central bank.
The ministry said it had initially alerted the Sri Lanka Computer Emergency Readiness Team and the Cyber Crimes Investigation Division of the police after identifying suspicious activity linked to a foreign currency payment in January 2026.
A preliminary internal inquiry has been conducted and disciplinary proceedings initiated against several officials, it added.
Australia aware of ‘irregularities’
Australia’s High Commissioner to Sri Lanka, Matthew Duckworth, said Canberra was aware of “irregularities” in payments owed to it.
“Sri Lankan authorities are investigating the matter and are coordinating with Australian officials, who are assisting the investigation,” he said in a post on X.
“Australia remains committed to supporting Sri Lanka’s return to debt sustainability,” he added.
The Australian High Commission and Sri Lanka's Ministry of Finance are aware of irregularities in payments owed to the Australian Government.
Sri Lankan authorities are investigating the matter and are coordinating with Australian officials who are assisting the investigation.…
— Australia in Sri Lanka (@AusHCSriLanka) April 23, 2026
The cyberattack comes as Sri Lanka continues to recover from a severe economic crisis in 2022, when the country defaulted on its $46 billion external debt.
The Public Debt Management Office was established earlier this year as part of reforms linked to a $2.9 billion bailout programme of the International Monetary Fund.
