Wednesday Apr 29, 2026
Wednesday Apr 29, 2026
Wednesday, 29 April 2026 00:21 - - {{hitsCtrl.values.hits}}
The Colombo Fort Magistrate’s Court yesterday imposed overseas travel bans on five officials in connection with the alleged $ 2.5 million cyber breach involving Sri Lanka Treasury funds, following a request by the Criminal Investigation Department (CID).
The order was made when the case was taken up before Colombo Fort Magistrate Isuru Neththikumara, after the CID reported progress of its investigation into the incident.
The CID informed court that loan instalment payments made to Export Finance Australia, following a debt restructuring process with Australia, had been diverted into the hands of cybercriminals.
Presenting facts, the investigating officer stated that financial transactions, including loan repayments, had been carried out over a period using the official email address of the relevant institution, “exportfinance.gov.au”, based on invoices received through that channel.
The officer further stated: “On 28 October 2025, the company ‘Enable’ issued a warning that the domain name of this email address had been changed. However, despite this warning, the funds transfer was carried out. Your Honour, the official email address is ‘exportfinance.gov.au’. Subsequently, using a commercial motive, a similar domain ‘exportfinanceav.com’ was created. Enable logged into the server system and conducted a data examination. Based on the investigations carried out so far, no evidence has been revealed indicating unauthorised access into the email system.”
The CID told court that ‘Enable’ is the company that provided IT services enabling foreign payment facilities to the Finance Ministry.
Further submissions indicated that inspections of the External Resources Department’s data systems had revealed that certain data had been deleted. The Magistrate inquired whether the deletion had been deliberate.
Responding, the investigating officer stated: “Investigations are still ongoing in this regard. No suspects have been identified at this stage. A comprehensive investigation is being conducted under the Public Property Act, the Computer Crimes Act and the Penal Code. Additionally, the emails of the External Resources Department were downloaded onto the Outlook. However, at the time this incident occurred, computer systems at the institution had also been changed.”
The CID also sought court approval to appoint a special expert committee to conduct a technical investigation into the cybercrime. The proposed committee comprises representatives from the Government Analyst’s Department, the Sri Lanka Computer Emergency Readiness Team, and the Dean of the Faculty of Computing at the University of Colombo.
Granting permission, the Magistrate authorised the inspection of bank accounts belonging to the five officials currently on compulsory leave.
The Magistrate further directed that, given the sensitive and highly technical nature of the investigation, the case file be placed in the court safe for secure custody.
