Cyberattack disrupts four major Iranian banks via their shared communications network

On 14 June 2026, four of Iran's largest financial institutions — Bank Melli, Bank Saderat, Bank Tejarat and the Export Development Bank of Iran — suffered widespread service outages after a cyberattack struck the shared communications infrastructure they rely on. Rather than hitting each bank individually, the attackers targeted the common network layer that links the institutions, allowing a single intrusion to ripple across all four at once.

What happened

Iranian officials described the incident as a "limited" cyberattack that disrupted the banks' shared communication network. The outage knocked several customer-facing services offline, including mobile banking apps, internet banking platforms, automated teller machines (ATMs), point-of-sale (POS) terminals and some card-based transactions. Technical teams moved to isolate the affected systems and implement protective measures while restoration work was carried out.

According to Iran's Banking Coordination Council, the disruption was confined to these four banks. The council and the Informatics Services Corporation stated that no unauthorized access to customer information occurred and that no evidence of data leakage was found. Officials said card services at Bank Tejarat and Bank Saderat had been fully restored as the response progressed.

Why it matters

Targeting a shared communications backbone rather than individual institutions is what gave this attack its reach: one point of compromise translated into simultaneous disruption across four major banks and the everyday payment rails — ATMs, cards and POS terminals — that ordinary customers depend on. No group publicly claimed responsibility, and authorities have not attributed the attack. While officials emphasised that data was not stolen, the episode underscores how concentrated, shared infrastructure can turn a single intrusion into a nationwide service outage.