ATM 'Jackpotting' Attacks Surge Across US as FBI Warns of $20 Million in Losses

Federal authorities are warning of a sharp rise in cyber-physical attacks targeting cash machines across the United States. According to a FBI alert issued on February 19, incidents of "ATM jackpotting"—a method using malware to force machines to dispense cash—have increased significantly. Out of 1,900 such incidents reported since 2020, approximately 700 occurred in 2025 alone, resulting in losses totaling more than $20 million.

Background and Context

The trend represents a sophisticated evolution in financial crime, shifting from card skimming to direct manipulation of ATM operating systems. The FBI's data indicates a sustained campaign against both bank-owned and independently operated ATMs. The February notification serves as a stark warning to the financial sector regarding the vulnerabilities of standalone cash dispensers to physical breaches that facilitate digital theft.

Key Figures and Entities

The surge in criminal activity has prompted a robust federal response. Most recently, a federal grand jury in Nebraska returned indictments against six individuals accused of orchestrating jackpotting schemes. These suspects join 87 others already federally linked to these crimes, according to court filings. They face a range of serious charges, including conspiracy to commit bank fraud, conspiracy to commit bank burglary, computer fraud, and damage to protected computers.

Legal and Financial Mechanisms

The mechanics of jackpotting involve a blend of physical intrusion and software exploitation. Investigators allege that criminals gain access to the ATM's internal components, removing the hard drive. They then either connect it to an external computer to install malware or swap it entirely with a pre-infected drive. This manipulation allows the perpetrators to bypass the machine's standard authorization and communication security, triggering a cash dispensation without a legitimate transaction. The FBI advises institutions to watch for physical signs of compromise, such as the presence of external USB keyboards or hubs, unexplained door alerts, and sudden cash shortages.

International Implications and Policy Response

While the immediate focus is on the domestic spike in cases, the jackpotting phenomenon highlights broader challenges in securing financial infrastructure. The ability of criminal networks to rapidly deploy malware across disparate physical locations points to a systemic gap in ATM security standards. Lawmakers and security experts are likely to scrutinize the reliance on aging hardware architectures that remain susceptible to these direct access attacks. The FBI has urged financial institutions to maintain strict physical surveillance and report any suspected jackpotting activity immediately.

Sources

This report draws on a FBI private industry notification regarding ATM jackpotting, public court documents from the District of Nebraska, and reporting by AL.com.