Dozens Arrested in ATM Cash-Out SchemeSuspected Fraudsters Targeted Santander Bank Branches in 3 States
Dozens of suspects have been arrested in connection with an ATM cash-out scheme that targeted Santander Bank branches in New Jersey, New York and Connecticut, according to police and news media reports.
In New Jersey, police made arrests Tuesday and Wednesday at Santander Bank branches, law enforcement officials say. In Hamilton Township, for example, 20 suspects have been charged with various offenses, including conspiracy to commit theft by deception, as well as minor drug charges, according to a police statement.
Police also suspect ATMs in New York City and Connecticut have been hit, according to a local NBC News report.
The South Windsor Police Department in Connecticut says fraudsters have attempted to use fake debit cards to withdraw cash.
Santander's fraud investigators are aware and are currently investigating. If you believe you have been a victim of fraud or have any information regarding suspicious activity at this ATM, please contact us immediately (2/2).— South Windsor Police Department PIO (@SWPD_PIO) August 18, 2020
Nancy Orlando, a spokesperson for Santander Bank, tells Information Security Media Group that the bank’s customers are able to use its ATMs to obtain cash, and non-bank customers would be able to use the machines "in the near future."
"All Santander employees are safe, and we continue to follow our safety and security protocols at all our locations," Orlando says. "Customers should know that there has been no impact to their accounts, data or funds, and we continue to cooperate with law enforcement as they investigate this situation."
Boston-based Santander Bank, a subsidiary of a Spanish firm, has about 650 branches and 2,000 ATMs in the U.S., mainly in the Northeast, according to its website.
The FBI is working with local police to investigate the bank fraud, an FBI spokesperson tells ISMG, declining to provide further details.
The New Jersey Star-Ledger newspaper, citing three law enforcement sources, reports that fraudsters took advantage of an apparent software "glitch" in the bank's ATM system, making continuous withdrawals of cash using prepaid payment cards or fraudulent ATM cards.
Some of the fraudsters started sharing details of the software bug on social media accounts, which drove others to attempt to cash out ATM machines in three states, sources told the Star-Ledger.
Hank Schless, a senior manager for security solutions at security firm Lookout, notes that fraudsters will continually look for weak spots in any business and then share that information.
"This ATM-related incident shows what happens when a device isn’t secured the same way as other parts of the infrastructure," Schless tells ISMG.
"Once a vulnerability is identified, it will be exploited until the victim realizes it needs to be fixed. Having visibility into every potential entry point into your organization is key if you want to truly secure your organization. Whether you're talking about ATMs, building entrances or mobile devices, it's critical to understand what risk they pose to the organization if they’re not secured."