Cybercriminals Steal $13M in Global ATM Heist Using Prepaid Cards
An international cybercrime gang stole $13 million from a Florida-based financial firm in March 2011. The attackers exploited prepaid debit cards, withdrawing cash from ATMs across multiple countries in a coordinated heist.
The breach targeted Fidelity National Information Services Inc. (FIS), a Jacksonville company handling over 775 million prepaid card transactions yearly. Details emerged in the firm's first-quarter earnings report on May 3, 2011.
The attack began on Saturday, March 5, 2011. Hackers compromised the eFunds Prepaid Solutions platform, previously known as WildCard Systems Inc., based in Sunrise, Florida. They altered or removed withdrawal limits on 22 prepaid cards before cloning them for fraudulent use.
Cash withdrawals took place in major cities across Europe, Russia, and Ukraine. The criminals spread their activity across 13 different countries, maximizing the stolen funds before detection.
Investigators noted similarities to a 2008 breach at RBS WorldPay, where fraudsters withdrew over $9 million using counterfeit prepaid cards. In this case, up to 7,170 prepaid accounts may have been exposed. Personal details of three cardholders were also accessed without authorization.
The incident highlights vulnerabilities in prepaid card systems used by financial institutions. FIS confirmed the breach in its May earnings statement, though the full extent of the damage remains under review. Authorities continue to investigate the international scope of the cybercrime operation.
