Court Imposes Travel Bans on Five Officials in USD 2.5M Treasury Cyber Heist

The Colombo Fort Magistrate’s Court on Tuesday (April 28) approved a Criminal Investigation Department (CID) request to impose foreign travel bans on five officials of the Public Debt Management Office connected to the USD 2.5 million Treasury cyber fraud, and ordered the case file placed in the court safe given the sensitive technical nature of the probe.

Investigating officers told Magistrate Isuru Neththikumara that loan instalment payments to Export Finance Australia, processed under the country’s debt restructuring, had been diverted to cybercriminals. Transactions had been routed through the legitimate counterparty domain exportfinance.gov.au until October 28, 2025, when IT services provider Enable issued a warning that the domain had been altered. Despite that alert, the transfer to a fraudulent commercial domain exportfinanceav.com proceeded.

The CID also told court that during inspection of the External Resources Department’s data systems, certain records had been deleted. Asked by the Magistrate whether the deletions were deliberate, the investigating officer said the probe was ongoing and no suspects had been identified. Departmental emails had been moved onto Outlook, and the institution’s computer systems had also been changed around the time of the incident.

The Magistrate granted permission to appoint a technical expert committee comprising the Government Analyst’s Department, the Sri Lanka Computer Emergency Readiness Team (SLCERT) and the Dean of the Faculty of Computing, University of Colombo. The court further authorised inspection of the bank accounts of the five officials currently on compulsory leave. The case is being investigated under the Public Property Act, the Computer Crimes Act and the Penal Code.

The CID told court that international assistance has been sought from INTERPOL and the Australian Federal Police, with inquiries underway into whether systems in both Sri Lanka and Australia may have been compromised. Issuing instructions, Magistrate Neththikumara emphasised the need to first establish whether a criminal offence had occurred, identify those responsible, and put steps in place to prevent similar incidents and safeguard public funds. The case will next be called on June 3.

Treasury Secretary Harshana Suriyapperuma, who oversees the affected divisions, has been summoned by the Committee on Public Finance for Thursday, April 30, to answer for the breach.