A major cyberattack has struck Sri Lanka, raising serious concerns about digital security. Hackers infiltrated the finance ministry’s system and stole $2.5 million.
This incident marks the largest known cyber theft from a state institution in the country. As a result, authorities have launched urgent investigations.
Funds Meant for Debt Payment Disappear
The stolen amount was not ordinary government spending. Instead, it was intended for a debt repayment to Australia.
According to finance ministry secretary Harshana Suriyapperuma, the missing funds were detected during routine checks. Officials then realized that the payment had vanished.
He stated, “Criminal investigators are looking into this and we are not in a position to give further details,” confirming the seriousness of the breach.
How the Cyberattack Unfolded
Authorities first noticed suspicious activity involving the ministry’s email server. Soon after, deeper investigations revealed the financial loss.
Consequently, the breach exposed vulnerabilities within critical systems. It also raised questions about internal safeguards and monitoring mechanisms.
In response, four senior officers from the Public Debt Management Office were suspended. This step reflects the government’s attempt to ensure accountability.
A Setback During Economic Recovery
The attack comes at a difficult time for Sri Lanka. The country is still recovering from a severe economic crisis that peaked in 2022.
During that period, the government defaulted on nearly $46 billion in external debt. Since then, authorities have been working to stabilise the economy.
Therefore, this cyber theft represents a major setback. It not only affects finances but also damages confidence in institutional security.
Role of the Public Debt Management Office
The Public Debt Management Office was established earlier this year. It was created as part of reforms linked to an international bailout programme.
These reforms aim to improve transparency and debt management. However, the recent breach has put these efforts under scrutiny.
International Cooperation Underway
Sri Lankan authorities are now working with global partners. They are seeking assistance from foreign law enforcement agencies to trace the stolen funds.
Meanwhile, Matthew Duckworth acknowledged the issue. He confirmed that Australia is aware of “irregularities” in payments owed to it.
He added, “Sri Lankan authorities are investigating the matter and are coordinating with Australian officials, who are assisting the investigation.”
Additionally, he emphasised ongoing support, stating, “Australia remains committed to supporting Sri Lanka’s return to debt sustainability.”
Rising Cybersecurity Concerns
This incident highlights the growing threat of cybercrime. Governments worldwide face increasing risks as systems become more digital.
Earlier this year, Sri Lanka’s central bank and finance ministry had already warned citizens about cyber scams. However, this breach shows that institutions are also vulnerable.
A Wake-Up Call for Stronger Defences
The theft of $2.5 million serves as a critical warning. It underscores the need for stronger cybersecurity measures.
Moving forward, authorities must strengthen systems and improve monitoring. At the same time, restoring public trust will remain a key challenge.
For now, investigations continue. The outcome will likely shape how Sri Lanka addresses digital security in the future.
