$ 2.5 m debt breach hits during ‘vulnerable’ transition as Treasury reassures creditors

Friday, 24 April 2026 05:39

Treasury Secretary Dr. Harshana Suriyapperuma - Pic by Sameera Wijesinghe


  • Debt restructuring, servicing not at risk
  • Cyber breach occurred during “vulnerable” shift of debt operations from CBSL to Treasury
  • $ 2.5 m from September 2025 payment to Export Finance Australia diverted undetected
  • Fraudulent instructions indicate access to detailed internal payment data
  • Questions raised on bilateral payment confirmations
  • Treasury mum whether Australia noticed missing payment, Dr. Harsha de Silva claims it did
  • Govt. limits disclosures to avoid jeopardising investigations and driving hackers underground 
  • Australia says assisting with investigations

By Devan Daniel


Sri Lanka’s Treasury yesterday sought to reassure creditors that external debt servicing will continue, after a $ 2.5 million cyber breach linked to a bilateral repayment exposed vulnerabilities during what officials described as a “vulnerable” transition in public debt management.

Speaking to the media, Treasury Secretary Dr. Harshana Suriyapperuma said the Government remains engaged with creditors, while limiting disclosures so as not to jeopardise investigations by forcing the perpetrators to change their modus operandi and go underground.

“We are in touch with our creditors and updating them on the ongoing investigations and have assured them that the Government is well placed to honour our commitments. We have consulted with our technical advisers on the debt restructuring, who have also advised us that our debt restructuring or ability to service debt is not at risk,” he said.

Sri Lanka hired globally renowned financial advisers Lazard Frères and international legal advisers Clifford Chance to support the process of restructuring debt, which is mostly completed, earning accolades from its development partners, including the International Monetary Fund (IMF).

The breach relates to funds due to Export Finance Australia under a September 2025 settlement, but was uncovered only in April after a failed attempt in January 2026 prompted a review of past transactions. “We suspected then that hackers had compromised our email system and did not execute that transaction,” Dr. Suriyapperuma said. 

He said Sri Lanka would honour its payments to Australia at the earliest, and that discussions were ongoing but did not comment further.

Dr. Suriyapperuma declined to comment on where the $ 2.5 million ended up.

The Daily FT learns that the January attempt involved a fraudulent email posing as communication from an Indian Government agency requesting a change in bank account details, prompting authorities to examine previous payments. That review revealed the earlier diversion, raising questions over verification processes within the External Resources Department. “We have a huge number of transactions which had to be reviewed and it took time,” he said. 

The incident occurred during a period when public debt management functions were being transferred from the Central Bank of Sri Lanka (CBSL) to the Treasury, with both institutions operating in parallel in late 2025. This overlap created a vulnerable phase in which controls were still bedding in and the breach went undetected.

Dr. Suriyapperuma described the period as transitional. “It was a period of learning and we had to invest in staff development and capacity building,” he said. 

The nature of the fraudulent instructions has intensified scrutiny over whether the breach relied on detailed internal knowledge, including credit lines and invoice references. “Ongoing investigations will reveal if there was negligence or involvement and the extent of their involvement, but I cannot say more to protect the credibility of the investigations,” he said.

Questions have also emerged over whether standard confirmation processes were followed after the September 2025 payment. It remains unclear whether Export Finance Australia flagged the non-receipt of funds or whether the Treasury had mechanisms in place to independently verify that the payment had reached the intended recipient. Dr. Suriyapperuma declined to comment on these aspects, citing advice not to disclose specifics during the investigation. 

Earlier yesterday, Samagi Jana Balawegaya (SJB) MP Dr. Harsha de Silva said that the diverted funds were one of five transactions, and that Australia had inquired into the missing payment.

Earlier, Finance Deputy Minister Dr. Anil Jayantha Fernando said the breach occurred through manipulated email communications linked to settlement processes between the Treasury and Export Finance Australia, with funds diverted to accounts controlled by hackers. Investigations are ongoing with the Criminal Investigation Department (CID), supported by the CBSL’s Financial Intelligence Unit (FIU), the Sri Lanka Computer Emergency Readiness Team (SLCERT), and the Police Computer Crimes Investigation Division.

Dr. Suriyapperuma said the matter had initially been kept confidential to avoid compromising investigations. “It was these disgruntled officials who leaked the issue. We had kept the ongoing investigations by SLCERT, CBSL FIU, and the Computer Crimes Division of Sri Lanka confidential to help with the investigations,” he said. 

He added that both investigators and advisers had cautioned against releasing details that could undermine the probe. “We will continue to engage with our creditors and stakeholders and update the citizens of this country on ongoing investigations and share more details as and when investigators allow,” he said. 

The Australian High Commission also issued the following statement yesterday on social media:

“The Australian High Commission and Sri Lanka’s Finance Ministry are aware of irregularities in payments owed to the Australian Government. Sri Lankan authorities are investigating the matter, and are coordinating with Australian officials who are assisting the investigation. Australia remains committed to supporting Sri Lanka’s return to debt sustainability.” 

The episode comes as Sri Lanka nears completion of its debt restructuring program with the support of the IMF, placing renewed focus on the integrity of systems handling sovereign payments. The breach, though limited in value, underscores the risks to financial credibility when institutional reforms pass through vulnerable phases before controls fully catch up. 
