It has been reported throughout many news outlets this week about the big cyber theft ring that was able to steal $45 Million in CASH from ATM's throughout the world across 26 countries. You read a headline like that and wonder "How can that happen?".
Unlike some of the other merchant data breaches that all financial institutions have seen over the years, this theft did not impact any individual consumer accounts. These cyber thieves were able to hack into the databases of prepaid debit cards and eliminate the normal daily cash limits and ATM limits. These cyber thieves produced their own cards and PIN numbers based upon card numbers registered within the databases.
The first wave of worldwide ATM cash outs netted $5 Million in roughly 4,500 ATM transactions across 20 countries.
The second wave of attacks produced some 36,000 transactions in the span of 10 hours, withdrawing $40 Million from ATM's in 24 countries.
These ATM's would be totally depleted of money. Once an ATM was empty of cash they would move on to the next ATM. It is amazing to think of the sheer logistics of having that many people hitting individual ATM's within a short period of time and over multiple countries.
A few arrests were made in the New York area but that group only represented a local cell that had stolen $2.4 million in the New York area. It should be noted that all of the banks involved which suffered losses were foreign banks based in the Middle East.
This was a huge story in the financial world this week. Additional security measures and monitoring will no doubt be upgraded throughout the world following this theft. I would also anticipate individual ATM owners imposing daily amounts for non-customers to avoid this situation where one person would perform one cash withdrawal after another until the ATM was empty.