Tens of suspects arrested for cashing-out Santander ATMs using software glitch

Santander says it fixed the ATM software glitch that was exploited this week across the tri-state area.
Written by Catalin Cimpanu, Contributor

The FBI and local police have made tens of arrests across the tri-state area this week as part of a crackdown against multiple criminal gangs who exploited a glitch in the software of Santander ATMs to cash-out more money than was stored on cards.

According to reports in local media, the bulk of the arrests took place in Hamilton (20 suspects), across towns in Morris County (19), and Sayreville (11). Smaller groups of suspects were also detained in BloomfieldRobbinsville, and Holmdel, while reports of suspicious cash-outs were also recorded in Woodbridge, towns across the Middlesex County, Booton, Randolph, Montville, South Windsor, Hoboken, Newark, and even in New York City itself, in Brooklyn.

Gangs exploited ATM software glitch

Based on information ZDNet received from a Santander spokesperson, sources in the threat intelligence community, and details released by police departments in the affected towns, criminal gangs appear to have found a bug in the software of Santander ATMs.

The bug allowed members of criminal groups to use fake debit cards or valid preloaded debit cards to withdraw more funds from ATMs than the cards were storing.

Sources in the threat intel community have told ZDNet today that details about this particular software glitch had been initially kept private and shared or sold among members of ATM and banking fraud groups for days.


Glitch details, however, did not remain secret for long, and, eventually, leaked online this week, being broadly shared in Telegram chat rooms, Instagram, and other social networks.

As a result of details leaking uncontrolled, multiple criminal groups began exploiting the software bug, resulting in a sudden spike of ATM cash-outs at Santander banks, and prompting bank employees to investigate.

The bank eventually figured out what was going on and filed complaints with authorities this week, with the the FBI initiating a multi-jurisdictional investigation across New York, New Jersey, and Connecticut.

Santander shut down all ATMs to prevent attacks

To prevent further losses, Santander shut down all ATMs on Tuesday.


"Santander is pleased to report that following yesterday's events, branches are open and ATMs are back on-line, though ATMs are open to Santander customers only for the time being," a Santander spokesperson told ZDNet via email today.

"The bank hopes to have ATMs available to non-customers in the near future and we apologize for any inconvenience this may cause.

"Customers should know that there has been no impact to their accounts, data or funds, and we continue to cooperate with law enforcement as they investigate this situation," Santander said.

The bank also added that all its employees are safe, referring to one incident where the members of a criminal gang had an argument about how to split the stolen money and got into shoot-out among themselves after cashing out one of Santander ATMs, as CBS New York reported on Tuesday.

The FBI's most wanted cybercriminals

Editorial standards