Sri Lanka's $2.5 Million Cyber Fraud Reveals Governance Failures

Sri Lanka's $2.5 Million Cyber Fraud Reveals Governance Failures

First seen 11 Jul 2026, 23:28 UTC Island.LkThemorning.Lk 80% similarity 51.9

Article Content

Browse articles
ThreatCluster

A cyber fraud incident resulted in the theft of $2.5 million from Sri Lanka's foreign debt repayment process between November 2025 and January 2026. The Committee on Public Finance (COPF) found that both the Central Bank of Sri Lanka (CBSL) and the Ministry of Finance exhibited serious governance and procedural failures that allowed the fraud to occur. The attack exploited a compromised email system within the Ministry of Finance, which lacked basic cybersecurity measures like multi-factor authentication. The COPF's report highlighted the need for significant reforms in cybersecurity and financial controls, as well as a special audit of the foreign debt repayment process. Although the Attorney General's interpretation shifted legal responsibility to the Public Debt Management Office (PDMO), the COPF emphasized that systemic weaknesses across institutions were to blame. Four mid-level officials from the Ministry of Finance have been suspended, but comprehensive investigations are still pending. The report also pointed to outdated IT infrastructure as a contributing factor to the fraud.

Key Points: • A cyber fraud led to the theft of $2.5 million from Sri Lanka's foreign debt repayments. • Governance failures were identified in both the Central Bank and Ministry of Finance. • The incident exposed significant cybersecurity weaknesses, including outdated systems and lack of multi-factor authentication.

ThreatCluster AI

Timeline

2025-11-01
Fraud began
The cyber fraud incident started with compromised payment instructions from the Ministry of Finance.
Themorning.Lk
2026-01-31
Fraud discovered
The $2.5 million theft was identified during the foreign debt repayment process.
Island.Lk
2026-07-10
COPF report tabled
The Committee on Public Finance presented its findings in Parliament, citing governance failures.
Themorning.Lk
2026-07-10
Recommendations made
COPF recommended reforms to strengthen cybersecurity and financial controls in state institutions.
Island.Lk

Community

Browse all →