Fresh fears emerge as missing French loan documents deepen Sri Lanka’s Treasury cyber breach crisis, raising alarms over potential insider involvement and wider financial fraud risks.
It is now suspected that the same hacker group responsible for breaching the Sri Lanka Treasury system and diverting $2.5 million may also be linked to the disappearance of several critical documents connected to a French debt repayment. According to emerging findings from an internal review of Ministry of Finance systems, investigators have identified irregularities that point to a broader cyber security breach within Sri Lanka’s financial infrastructure.
Sources familiar with the Sri Lanka Treasury cyber attack investigation indicate that these missing files relate to a future loan installment owed to France. Authorities fear that the documents may have been deliberately extracted by cyber criminals as part of a planned attempt to execute another large-scale financial fraud targeting sovereign debt transactions.
The development has intensified concerns over the safety of Sri Lanka’s public finance systems, especially as the country continues to navigate debt restructuring and IMF program commitments. The disappearance of sensitive financial data has raised questions about vulnerabilities in government cyber security protocols and data protection mechanisms.
A dedicated cyber forensic investigation team from the Criminal Investigation Department is currently probing the incident in detail. As part of the ongoing inquiry, digital devices including laptops and mobile phones belonging to officials from the Department of External Resources have already been taken into custody. These officers were directly involved in processing the earlier Australian debt repayment that became the center of the Treasury heist controversy.
Investigators are now focusing on whether the breach was purely external or if there was possible insider assistance that enabled unauthorized access to critical systems. The possibility of internal collaboration has become a key line of inquiry, as experts examine system logs, access patterns, and document handling procedures within the Ministry of Finance.
With Sri Lanka’s economic stability closely tied to its ability to manage debt repayments and maintain investor confidence, the latest revelations have heightened fears of systemic weaknesses. The incident underscores the urgent need for stronger cyber security frameworks, transparent financial governance, and tighter controls over sensitive government data.
