Bank Sepah breach

On 17 June 2025 (27 Khordad 1404 in the Persian calendar), widespread disruptions were reported in the services of Bank Sepah, one of the main state-owned banks in Iran.[1][2] The disruptions affected online banking, ATMs, and other digital services, leaving many customers unable to carry out daily banking operations.[3]
According to Iranian media, the disruptions also impacted fuel stations, which rely on Bank Sepah’s banking infrastructure. This situation raised concerns about a broader crisis in public service delivery.[3]
Later that day, a video was circulated showing the interior of the bank’s data center, where unidentified individuals were seen interacting physically with the servers, with no official explanation provided regarding their identity or mission. The footage sparked a wave of speculation across Iranian social media, with some users suggesting that the disruption may have resulted from physical intrusion into the data center, rather than a purely technical malfunction.[4][5]
Bank Sepah initially claimed the disruptions were due to routine system updates, but gave no official comment regarding the presence of unidentified individuals near its servers.
Background
Bank Sepah is connected to Bank Sepah International Plc, a wholly-owned subsidiary based in the United Kingdom. Established on December 31, 2001, the London-based entity assumed the assets and operations of Bank Sepah’s original London Branch, which had been active since 1972. It specialized in international trade finance, particularly with Iran and Persian Gulf countries. Its SWIFT code is SEPBGB2L.[6]
Bank Sepah and its UK subsidiary have been subject to a range of international sanctions over the years due to their alleged involvement in financing Iran’s missile and nuclear programs. The U.S. Treasury added the bank to its Specially Designated Nationals (SDN) list in 2007 and again in 2018, under Executive Order 13382, freezing its U.S.-controlled assets and prohibiting dealings with U.S. entities. Similar designations were applied by the United Nations Security Council in 2007 (via Resolution 1737), the European Union, and the UK government, although many of these restrictions were temporarily lifted following the Joint Comprehensive Plan of Action (JCPOA) in 2016, and later reimposed in 2018.[6]
In March 2025, a hacker group called Codebreakers announced a major breach of the systems of Bank Sepah, one of Iran’s oldest and most prominent financial institutions. The group claimed to have stolen around 12 terabytes of sensitive banking data, covering some 42 million customers. The leaked data allegedly included bank accounts, passwords, addresses, contact information, and transaction histories.[7]
The hackers demanded that Bank Sepah pay $42 million in Bitcoin within 72 hours or face the release of the stolen data. The bank refused. In response, the Codebreakers released a portion of the data, causing public shock. Among the leaked information were details of high-ranking military officials, including an account under the name “Raoul Polarak” holding approximately 634 trillion Iranian rials.[7][8]
References
1. 27 Khordad: Bank Sepah closed and went offline.
2. "Bank Sepah disruptions to be resolved soon". Rokna (in Persian). 2025-06-17. Retrieved 2025-06-17.
3. https://x.com/SepahBigLooting/status/1934898608626934104
4. "Hacker group: We destroyed all Bank Sepah data". IranWire (in Persian). Retrieved 2025-06-17.
5. "Bank Sepah hacked and all data destroyed". Gooya News. Retrieved 2025-06-17.
6. "Bank Sepah International Plc | Iran Watch". www.iranwatch.org. Retrieved 2025-06-17.
7. "Hackers Claim Access to 42 Million Sepah Bank Records, Bank Denies Breach". IranWire. Retrieved 2025-06-17.
8. "Bank Sepah". Iran Watch. Retrieved 2025-06-17.