Iran banking cyberattack hits 3 lenders, halts card services

Three Iranian lenders suspended parts of their card-based banking services on Tuesday after a cyberattack disrupted ATMs, point-of-sale terminals and mobile apps, putting Iran’s retail payment rails back under strain.

The disruption hit Bank Melli, Bank Saderat and Bank Tejarat, Reuters reported, citing Iranian state media. Services were temporarily suspended to prevent further unauthorized access. Iran did not name a suspect or give a timetable for full restoration, leaving customers with the practical problem first: whether cash withdrawals, shop payments and routine app transfers would clear.

It was the second banking outage in nine days. Officials described a June 14 cyberattack that disrupted services at four banks as limited and said customer data had not been compromised. The repeat matters even without reported data theft, because it moves the issue from a one-off outage toward a test of the communications and switching systems underneath everyday transactions.

For now, the incident looks more like an availability shock than a depositor-run story. Payment failures, though, are visible in a way that back-office stress is not. Customers notice the ATM that will not dispense cash, the card reader that rejects a purchase and the banking app that stalls.

That is the finance point. A lender can remain funded and solvent while its payment network fails customers for hours or longer. In Iran, where card rails are central to cash withdrawals, merchant checkouts and app-based banking, an interruption can become a commerce and trust problem for households and small businesses before it shows up as a balance-sheet event.

Iran also has fewer release valves than a banking system plugged into broad external rails. Sanctions leave more of the burden on domestic switches, bank apps and ATM access. Reliability in that plumbing carries more weight when customers and merchants cannot easily route around a failed channel.

Why the repeat matters

Reuters said the latest attack affected ATMs, point-of-sale terminals and mobile applications linked to the lenders’ card systems. The open question is whether the three-bank outage was limited to those institutions or exposed strain in a shared infrastructure layer. Tehran has not publicly answered that. Without attribution, the event sits between an operational outage and a possible geopolitical signal.

Iranian officials have previously blamed hostile foreign actors, including Israel, for other cyber incidents, but this case has not been tied to any named party. That limits how far investors can read it as retaliation or escalation. The observable markers are narrower: which services went down, how long they stayed offline, and whether authorities had to widen shutdowns to contain the breach or block follow-on access.

Regional outlet The New Arab also reported the disruption at the three lenders, a reminder that a domestic payments outage can quickly become part of a wider Middle East banking-risk story.

What markets lack is a clean line between a local incident and a system weakness. That gap in visibility is part of the risk.

For banks, the damage is not only reputational. Repeated interruptions force lenders and the state to show that backup systems, interbank links and consumer access points can be restored without longer ATM queues, failed merchant payments or broader hesitancy around digital banking. The first June attack hit four banks and the second named three lenders, a pattern that points to operational fragility beyond one institution, even if the architecture behind the outages remains undisclosed.

The near-term market read is narrower than a generic cyber headline, but it is still consequential. Iran’s banking system is being tested at the payments layer, where resilience is measured by whether cards clear, cash machines work and mobile apps stay live. The marker now is whether authorities restore full card usage without spillovers to other lenders or repeated shutdowns. If not, the second attack in less than two weeks could harden concerns that sanctions-era financial plumbing is easier to jam than to defend.