The Federal Bureau of Investigation issued a bulletin on February 19, 2026, warning of a sharp increase in malware-enabled ATM jackpotting incidents across the United States, with the bulletin citing more than 700 incidents nationwide. Federal prosecutors have charged scores of suspects tied to an international conspiracy that has hit ATMs in multiple states, with the total number of defendants rising through grand jury indictments since late 2025. The scale of the crackdown, and the speed at which new suspects keep surfacing, signals that U.S. financial institutions face a persistent and growing threat from organized rings that can drain cash machines in minutes.
How Jackpotting Drains ATMs Without a Card
ATM jackpotting forces machines to dispense cash on demand, bypassing normal transaction controls entirely. The technique requires physical access to a machine’s internals, where attackers install malware or plug in specialized hardware that overrides the dispenser’s software. The U.S. Secret Service first warned publicly about the tactic in early 2018, noting that standalone ATMs, often located in convenience stores, gas stations, or strip malls, are the most common targets because they tend to have weaker physical security than machines embedded in bank lobbies.
What makes jackpotting distinct from card skimming or network intrusion is its blunt directness: the criminal walks up, opens the ATM cabinet, loads the exploit, and the machine spits out bills until the cassette is empty. No stolen account numbers are needed. No customer data is compromised in the traditional sense. The loss falls squarely on the financial institution or ATM operator that owns the cash. That combination of relatively low technical barriers at the point of attack and high per-incident payoff helps explain why organized groups have scaled the method so aggressively in recent years, treating each compromised machine as a one-time safe to be emptied and abandoned.
FBI Bulletin Flags a Nationwide Surge
The FBI’s February 19 bulletin, titled Increase in Malware-Enabled ATM Jackpotting Incidents Across United States, represents the bureau’s most direct public acknowledgment that the problem has reached a new threshold. While earlier federal advisories treated jackpotting as an emerging risk, this bulletin frames it as an active, escalating campaign that spans the country. The document warns that criminal crews are repeatedly targeting the same brands and models of ATMs, often exploiting outdated software and lax physical protections, and it urges law enforcement agencies to share intelligence quickly when suspicious activity is detected.
Most public discussion of ATM crime still centers on skimming, the practice of capturing card data at the point of sale. Jackpotting has received far less attention, partly because it does not directly victimize individual cardholders and partly because affected banks have little incentive to publicize the losses. The FBI bulletin shifts that dynamic by putting the threat on the record for police departments, financial regulators, and ATM operators nationwide, effectively telling the industry that the problem is too large to handle quietly. By flagging a nationwide pattern, the bureau is also signaling that isolated arrests will not be enough; instead, coordinated investigations and standardized defensive measures will be needed to blunt the trend.
Indictments Pile Up From Nebraska to Georgia
The prosecutorial response has been unusually aggressive. A federal grand jury in the District of Nebraska returned an indictment on February 20, 2026, charging six additional individuals for their roles in a large-scale international jackpotting scheme, according to the Department of Justice. That filing brought the total number of charged defendants to 93, per the DOJ’s Office of Public Affairs. An earlier round of charges had added 31 defendants, raising the count at that point to 87 people accused in connection with the same overarching investigation. The charges span bank fraud, burglary, computer fraud, and damage to computers, reflecting prosecutors’ view that jackpotting straddles both traditional property crime and sophisticated cyber-enabled intrusion.
The Nebraska indictments alone account for a significant share of those defendants. Two grand jury indictments in that district charged 54 alleged conspirators in a multi-million-dollar operation: an October 21, 2025 indictment named 32 individuals on 56 counts, and a December 9, 2025 indictment charged 22 more. The DOJ has described the scheme as an alleged nationwide conspiracy to steal millions of dollars, and prosecutors have linked it to the Venezuelan gang Tren de Aragua, portraying the jackpotting campaign as one revenue stream within a broader transnational criminal enterprise. The investigation has drawn on multiple federal partners, with both the FBI and the U.S. Marshals Service taking central roles in tracking fugitives, coordinating arrests, and transporting defendants across districts as cases move toward trial.
Separate Busts Reveal the Method’s Reach
Federal cases outside Nebraska show that jackpotting is not the work of a single network and that smaller, more agile crews are adopting the same techniques. In the Middle District of Georgia, prosecutors dismantled a multi-state ring tied to thefts that occurred over just three days, from September 14 to 16, 2024. Court documents in that matter describe $24,000 stolen from Peoples South Bank ATMs, with investigators relying on surveillance footage, license plate records, and fingerprint evidence to identify suspects who allegedly moved rapidly between locations. The tight operational window, covering multiple states in less than a week, illustrates how quickly these crews can act once they have working malware, a list of vulnerable machines, and mules ready to travel.
Other federal filings referenced in the recent DOJ releases suggest similar patterns in additional jurisdictions, with crews often composed of a small number of technically savvy organizers and a larger pool of lower-level participants who handle travel, lookout duties, and cash collection. In many instances, the same malware toolkit appears to be reused across incidents, indicating that software developers or suppliers may be selling or leasing exploit packages to multiple groups. That diffusion of capability makes the threat harder to contain: even as law enforcement dismantles one network, another can emerge quickly using the same playbook, targeting different regions or ATM operators.
Why Financial Institutions Are Struggling to Keep Up
The surge in jackpotting incidents is exposing structural weaknesses in how many financial institutions manage ATM fleets. Standalone machines in retail locations often run older operating systems and may not receive timely security updates, largely because they are operated by third-party vendors under contract rather than by banks directly. Physical protections can also lag behind best practices; cabinets may be easier to pry open, alarm systems may not trigger when panels are removed, and video coverage can be inconsistent. When attackers can access internal ports and connect their own devices, the technical barrier to launching a malware attack drops considerably, allowing organized groups to train new recruits quickly.
Smaller banks and independent ATM operators face particular challenges because they may lack dedicated cybersecurity teams or the capital to replace vulnerable hardware at scale. Upgrading to more secure machine models, hardening operating systems, and deploying tamper-detection sensors all carry costs that can be difficult to justify until a loss occurs. The FBI bulletin and the recent wave of indictments could change that calculus by making jackpotting risk more visible to boards, insurers, and regulators. As the financial and reputational stakes rise, institutions that delay modernization may face higher costs and greater scrutiny from examiners focused on operational resilience.
Next Steps for Law Enforcement and the Industry
For law enforcement, the Nebraska and Georgia prosecutions underscore the value of treating jackpotting as a coordinated, multi-jurisdictional problem rather than a series of isolated thefts. Federal agencies are using conspiracy and computer-crime statutes to tie together incidents that might otherwise have been charged as simple burglaries, enabling longer potential sentences and more leverage to secure cooperation from defendants. Information-sharing between districts, and between federal and local agencies, will be crucial as investigators look for common malware signatures, overlapping travel patterns, and shared financial channels that can reveal higher-level organizers.
For banks and ATM operators, the message from the FBI and DOJ is that technical defenses must evolve in parallel with enforcement. That means hardening ATM software, limiting or disabling unnecessary internal ports, and ensuring that physical access triggers alarms and remote monitoring. It also means training frontline staff and retail partners to recognize signs of tampering, such as unusual service visits or individuals spending extended time at a machine without conducting a normal transaction. As jackpotting becomes a more prominent item on regulators’ and insurers’ risk agendas, institutions that invest early in upgrades and monitoring are likely to be better positioned to withstand both the immediate financial impact of attempted attacks and the longer-term scrutiny that follows major incidents.
More From The Daily Overview
*This article was researched with the help of AI, with human editors creating the final content.
Grant Mercer covers market dynamics, business trends, and the economic forces driving growth across industries. His analysis connects macro movements with real-world implications for investors, entrepreneurs, and professionals. Through his work at The Daily Overview, Grant helps readers understand how markets function and where opportunities may emerge.
