Sri Lanka’s deepening cybercrime crisis has once again exposed dangerous vulnerabilities inside state institutions, after national carrier SriLankan Airlines lost nearly Rs.160 million through two separate overseas financial frauds in Dubai and Chennai. The incidents have intensified concerns over the government’s ability to protect public funds at a time when the country remains trapped in economic hardship, foreign debt repayments, and rising fiscal instability.
Investigations reveal that the first fraud involved a sophisticated cyber intrusion targeting the airline’s Dubai operations. Fraudsters allegedly hacked the email account of an overseas agent and manipulated official communication channels to redirect a payment of US$265,000—equivalent to nearly Rs.80 million into a fraudulent foreign bank account. The payment, originally intended for a legitimate transaction, was instead diverted after fake instructions were sent using what appeared to be the agent’s authentic email credentials.
The second scam emerged from the airline’s Chennai office in South India, where three Indian nationals employed at the station are accused of using forged documentation to siphon off another Rs.80 million. Indian authorities have now launched investigations into the alleged criminal operation, which officials believe may have involved internal collusion and systemic failures in document verification procedures.
The twin scandals have amplified fears that Sri Lanka’s public institutions are becoming increasingly vulnerable to organized cyber-enabled financial crime. The airline frauds come only months after hackers infiltrated Treasury-linked payment systems, resulting in a reported US$2.5 million financial breach connected to foreign debt payment operations. Another US$625,000 was reportedly lost through fraudulent transactions linked to the Postal Department’s overseas payment systems.
Together, the incidents paint a troubling picture of weak cybersecurity infrastructure, poor oversight, and inadequate financial controls across state agencies handling sensitive international transactions. Analysts warn that cybercriminals are specifically targeting financially distressed governments where internal controls are weakened by bureaucratic inefficiency, outdated digital systems, and staff shortages.
Deputy Finance Minister Anil Jayantha acknowledged that investigations are underway into both SriLankan Airlines frauds and insisted the government would act swiftly against any wrongdoing. However, the repeated emergence of major cyber thefts involving state funds has raised public anger over accountability failures within government institutions.
The growing scandal also arrives amid controversy surrounding several recent domestic payment irregularities, including reported duplicate payments linked to the Road Development Authority and alleged discrepancies involving welfare relief disbursements to vulnerable recipients. Critics argue that the accumulation of overseas cyber frauds and local payment failures reflects broader structural weaknesses in Sri Lanka’s financial governance systems.
With billions of rupees in public funds moving through digital channels every month, experts warn that unless authorities urgently modernize cybersecurity defenses and strengthen internal audit mechanisms, Sri Lanka risks becoming an increasingly attractive target for transnational cybercrime syndicates seeking to exploit institutional weaknesses during the country’s fragile economic recovery.
By a Special Correspondent