Nationwide Outage Cripples Russian Banking Apps and Metro Payments, Affecting Tens of Millions
What Happened – On April 3 2026 a technical failure triggered a cascade outage across Russia’s major banks (Sberbank, VTB, Alfa‑Bank, T‑Bank, Gazprombank) and the national metro payment system, blocking card transactions, cash withdrawals and mobile banking for several hours.
Why It Matters for TPRM –
- Service availability is a core control for financial‑service third‑party risk.
- The incident highlights how government‑mandated internet restrictions can destabilise critical payment infrastructure.
- Large‑scale disruptions can cascade to downstream vendors (e.g., POS providers, payroll processors) that rely on the affected APIs.
Who Is Affected – Financial services (banks, payment processors) and public‑transport operators in Russia; downstream SaaS and POS vendors that integrate with these banks.
Recommended Actions –
- Review contractual SLAs and incident‑response clauses with Russian banking and payment‑gateway providers.
- Validate that alternative transaction channels (e.g., offline POS, cash handling) are in place for critical business processes.
- Monitor regulatory developments on VPN and internet controls that could impact connectivity.
Technical Notes – The outage was attributed to a technical failure at a single bank, possibly exacerbated by recent VPN‑blocking measures, leading to a misconfiguration of network routing for banking APIs. No data breach was reported. Source: Security Affairs