The Australian Federal Police has formally joined the investigation into the USD 2.5 million Treasury cyber breach under a bilateral arrangement on financial crimes, the Daily FT reported, as opposition MP and President’s Counsel Faiszer Musthapha called for the immediate appointment of a Presidential Special Investigation Committee to probe the heist.
Police are working with the Sri Lanka Computer Emergency Readiness Team (SLCERT) on the technical analysis, and technical logs have been shared with Australian authorities to track the movement of funds and identify perpetrators. The Criminal Investigation Department has recorded statements from seven officials drawn from the External Resources Department and the Public Debt Management Office, and laptops used by these officials have been taken into custody for forensic analysis. Four senior officials — an Additional Director General and Director from the PDMO and a Director and Assistant Director from the ERD — have been suspended.
Musthapha said the breach should not be treated as a financial loss alone but as a threat to national security. “If the diversion of $2.5 million from the General Treasury to a wrong party is indeed a cyber heist, the entire economic fabric of Sri Lanka is at risk. Therefore, a Presidential Special Investigation Committee must be appointed immediately,” he said. He proposed including subject-matter experts such as Dr. Hans Wijayasuriya in the inquiry and urged the government to work with the opposition to recover the diverted funds.
The MP said the breach highlights the need to reassess the resilience of Sri Lanka’s cybersecurity architecture as banking and the Inland Revenue Department undergo digitalisation. His call for a Presidential probe is in addition to SJB leader Sajith Premadasa’s earlier call for a Parliamentary Select Committee, and follows the government’s rejection of an opposition request for a one-day parliamentary debate at last week’s party leaders’ meeting.
Deputy Finance Minister Dr. Anil Jayantha Fernando told the FT that future foreign loan repayments will require Central Bank of Sri Lanka approval as an additional safeguard, and that further security features have been introduced on internal Treasury servers. He acknowledged “clear negligence” in payment handling without ruling out deliberate manipulation. Investigators have separately said they are examining whether internal staff assisted external actors.
The episode has drawn attention to a “vulnerable” transition period in public debt management, the FT said, with responsibilities shifting from the CBSL to the Treasury and creating overlapping controls and gaps in verification. Industry and Entrepreneurship Development Deputy Minister Chathuranga Abeysinghe described the breach as part of a wider pattern of administrative weakness, linking it to the textbook controversy, Customs clearance bottlenecks and coal procurement complications.
The breach involves funds due to Export Finance Australia, and investigators believe the same actors removed records of a future French loan repayment in preparation for a second fraud attempt. Five officials have been interdicted pending the inquiry, and the Free Lawyers Organisation has issued 22 questions to the President demanding the resignation of the Treasury Secretary. The Digital Trust Alliance has also called for a structured cybersecurity governance overhaul across the public sector.