Iranian bank cyber attack leaves 15 million customers' details online

“This is the largest financial scam in Iran’s history,” Iran's Aftab News reported. “Millions of Iranians are worried to find their names among the list of hacked accounts.”

A burnt bank is seen after protests against increased fuel prices in Tehran, Iran November 20, 2019. Picture taken November 20, 2019 (photo credit: NAZANIN TABATABAEE/WANA (WEST ASIA NEWS AGENCY) VIA REUTERS)
A burnt bank is seen after protests against increased fuel prices in Tehran, Iran November 20, 2019. Picture taken November 20, 2019
(photo credit: NAZANIN TABATABAEE/WANA (WEST ASIA NEWS AGENCY) VIA REUTERS)
Just a few weeks since Iranian protesters torched hundreds of bank branches throughout the country, the Islamic republic’s financial authorities are dealing with another threat: A cyber attack caused the bank details of millions of Iranians to be published online, The New York Times reported.
“This is the largest financial scam in Iran’s history,” Iran’s Aftab News reported. “Millions of Iranians are worried to find their names among the list of hacked accounts.”
The details of approximately 15 million Iranians were published on the social media platform Telegram. Although Iran has been involved in a cyber war against the United States and Israel in the past, the country’s government claimed that the breach is not the work of foreign agents.
Iran’s Minister of Information and Communications Technology, Mohammad-Javad Azari Jahromi, responded that the attack was the work of a “disgruntled contractor who had access to the accounts and had exposed them as part of an extortion attempt,” according to the Times.
Cyber experts have disputed this, the newspaper wrote. The breach is so large that it was more than likely the work of a foreign state or state-funded body.
The attack targeted customers of Iran’s three largest banks, Mellat, Tejarat and Sarmayeh, which have yet to issue any statements. All three banks have been under US sanctions for over a year, accused of transferring money on behalf of Iran’s Islamic Revolutionary Guards Corps.
According to the New York Times report, the accounts’ information was published on a channel called “Your banking cards” on the messaging app Telegram. The first message warned “we will burn the reputation of their banks the same way we torched their banks,” referring the banks burned by protesters throughout November.
The Telegram message also stated that the perpetrators had demanded payment from the banks and, since they had not received payment, they would be releasing the details of millions of bank customers.
Israeli cybersecurity company ClearSky was among the first to issue warnings of the breach, and CEO Boaz Dolev told the Times that the size of the breach indicated that whoever was responsible possessed “high technological capability, which is usually at the hand of state intelligence services.”
ClearSky had issued a warning to Israeli credit card companies as early as December 3 to be on alert in case of an Iranian counterattack if Israel was accused of being the perpetrator. A spokesman for the Israel Defense Forces responded to the Times, saying that, “we do not respond to foreign reports.” The White House also refused to issue a response.