Cyber Incident Victim: SHVA
Date:
Feb 2025
Location:
Israel
Summary
Shva experienced a disruption to Israel's credit card payment clearing system that prevented transactions from being processed for several hours. The company initially described the issue as a communications malfunction before labeling it a simple cyber incident and later identifying it as a denial‑of‑service attack that flooded its servers with traffic. Service was reported as restored after about an hour, although some users continued to report problems. A similar incident had occurred earlier, prompting the company to block foreign connections to the payment network. Experts characterized the attack as a service‑driven effort likely intended to create a broad cognitive impact rather than to steal data or funds.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 13 2025, Shva (Automatic Bank Services Ltd.) began experiencing a disruption in its payment clearing services at approximately 11 a.m., which prevented credit card transactions from being processed. The company initially stated that the cause was under investigation by its professional teams and promised to provide updates on any developments. About an hour after the onset of the malfunction, Shva issued an official statement indicating that the national payment system for debit cards had been operating normally for the past hour and that credit transactions could be made. Despite this announcement, several customers reported around 1 p.m. that the disruptions were persisting, even though Shva maintained that the system had been functioning normally since 11:30 a.m. Initially the incident was assessed as a communications malfunction, but later in the afternoon Shva characterized it as a “simple cyber incident.” According to Globes’ assessment, the event was a denial‑of‑service attack in which numerous remote servers attempted to access Shva’s payment server, overwhelming it and disrupting service; the attack was described as temporary and unsophisticated but capable of causing several hours of interruption.

This was not the first time Shva had faced such difficulties. In October 2024 the company reported problems clearing credit card transactions and communications issues with the payment system, subsequently admitting that a three‑hour breakdown was the result of a cyberattack. In response to that October incident Shva decided to disconnect the ability to connect to the Israeli payment system from abroad, a measure intended to limit external access to its infrastructure. Shva’s statement at the time noted that the incident did not materially affect the company’s revenue. Approximately two weeks after the October event, another glitch was identified following a cyberattack on HYP’s Credit Guard, a clearing provider serving large entities such as supermarket chains, health funds, fashion chains and public transportation; because the attack targeted a single company, the impact was less severe and Shva reported that the national payment system remained operational.
The February 2023 disruption affected both debit and credit card payment flows, with customers experiencing failed or delayed transactions during the morning period. Shva’s ongoing communication included the initial investigation notice, the midday statement about restored debit‑card service, and later acknowledgment that the incident was a simple cyber issue. The company’s prior decision to block foreign connections to the payment system, taken after the October 2024 attack, remained in place as a containment measure. No additional specific response actions for the February incident were detailed in the source material beyond the public statements and the promise of updates. The October incident was explicitly noted as having no material effect on Shva’s revenue, and no revenue impact was mentioned for the February event.
