Illustrative picture Image Credit: Reuters

Tehran: Iran’s government has acknowledged that it faced a “very big” cyberattack, following a report in The New York Times this week that information from 15 million Iranian bank accounts was stolen and published online after widespread street protests were crushed in November.

Iran’s telecommunication minister, Mohammad Javad Azari Jahromi - who had previously dismissed the bank-account theft as an insider extortion plot - said the attack had been state sponsored, but he offered no evidence to back up the claim.

He said details and the country deemed responsible would be revealed after investigations had been completed.

Azari Jahromi said Iran’s cybersecurity unit had thwarted the attack, making no direct mention of the compromised bank accounts.

“We faced a very well-coordinated state-sponsored cyberattack on the government’s digital infrastructure,” Azari Jahromi told reporters in Tehran on Wednesday.

“It was a very big attack.”

He made the announcement the same day that Telegram, the popular phone app widely used in Iran, shut down the channel where the bank account details had been revealed for all to see.

The Telegram channel was created on Nov. 27 and until Dec. 5 had been home to the uploaded names and details for debit cards tied to the accounts of millions of Iranians who are clients of three banks - Mellat, Tejarat and Sarmayeh.

All three were the target of U.S. sanctions a year earlier over what American officials described as prohibited financial transfers done on behalf of Iran’s Revolutionary Guard.

“We routinely close down channels which publish personal data like passport scans or credit card numbers,” said Markus Ra, spokesman for Telegram. This channel was closed, he said, when a user reported it to the company after the publication of The Times article.

A week earlier, Azari Jahromi had characterized the breaching of the bank accounts as the act of a disgruntled former contractor he said had obtained access to the information and was using it for extortion. As of Thursday, the banks had not issued a public statement about the breached accounts.

But it appeared the problem continued even after the channel was erased from Telegram.

Some Iranians posted screenshots of emails they had received from accounts with addresses identical to the customer service departments at two of the banks.

The emails showed the account holders’ personal identification details and warned them: “We are in control of your bank information and your bank is lying to you.”