Minister of Public Administration Chandana Abeyratne has lodged a formal complaint with the Criminal Investigation Department (CID) over a cyberattack targeting the official website of the Ministry of Public Administration, he confirmed on Friday.
The complaint was filed through the intervention of the Ministry Secretary. The attackers attempted to auction data from the website in an effort to extract money, according to media reports.
Minister Abeyratne said no highly sensitive information was compromised, and only some public information had fallen into the hands of another party. The CID is now investigating the incident, and the Sri Lanka Computer Emergency Response Team (SLCERT) has commenced a separate inquiry of its own.
The ministry runs a range of public-facing online services, including those supporting government employee records and administrative circulars. A defacement or data-auction attempt on such a platform, while less damaging than a breach of payroll or personnel databases, raises questions about perimeter controls on government web assets.
The incident is the second publicly disclosed government cyber event in a single week. The Treasuryβs Department of External Resources suffered a USD 2.5 million business email compromise that is now under joint investigation with Australian authorities. While the two incidents differ in mechanism β website data-auction versus fraudulent sovereign-debt payment β they place two simultaneous cyber threads under SLCERT review and are likely to accelerate calls for a coordinated government cybersecurity posture.
