The Criminal Investigation Department’s (CID) Computer Crimes Division today (6) informed Fort Magistrate Pasan Amarasena that investigations have been launched into the non-receipt of approximately $625,000 paid by the Department of Posts to the United States Postal Service (USPS).
The Magistrate ordered the Sri Lanka Computer Emergency Readiness Team (CERT) to carry out an on-site forensic examination in connection with the incident.
The CID told court that statements had been recorded from officials who handled the relevant email correspondence, as well as from the Deputy Postmaster General. No suspect has been identified so far.
Investigations are being conducted under the Computer Crimes Act, the Public Property Act, and the Penal Code, the CID further informed court, noting that the probe was initiated following a complaint lodged by the Postmaster General.
Considering a request made by the CID, the Magistrate issued the relevant order.
Postmaster General Ruwan Sathkumara has stated that the funds, intended as a payment to the USPS, had allegedly been diverted through a coordinated phishing attack involving a third-party intermediary.
The incident was first disclosed by Cabinet Spokesperson Nalinda Jayatissa during the weekly Cabinet media briefing on 28 April, shortly after the controversy surrounding the misdirected $2.5 million Treasury loan repayment.
Sathkumara told The Sunday Morning that the fraudulent transfers had occurred in three phases over a two-year period, beginning with a transaction of around $900 in 2024.
“This was followed by a significantly larger transfer exceeding $400,000 in February 2025, and a further amount of nearly $190,000 in October 2025,” he said.
Efforts to recover the funds are now dependent on international cooperation, with Sri Lankan authorities seeking assistance from the United States. However, Sathkumara noted that there has been no response from US authorities so far.
“We will definitely need the support of the relevant country. That is why we are providing our statement to the CID,” he said, adding that while contact had been initiated through diplomatic channels, no formal breakthrough had yet been made.
Preliminary findings suggest the breach occurred within communication channels between Sri Lanka’s Department of Posts and its US counterpart, with a third party allegedly impersonating an official entity to misdirect the payments.
“It is suspected that it was a phishing-style incident involving a third party,” Sathkumara added.
