One of the repeated arguments made in retail data security circles is that retailers tend to have much weaker security because it's not as much of a cultural priority as, for example, banking. So it's a little bit consoling that the latest ATM databreach is apparently not the result of a retail breach, not the result of social engineering and the trusting bank clerk, but is the first proven incident of a bank server's breach linked to ATM fraud.
A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to a Wired story. Although Citibank told Wired that its systems had not been breached, Citibank "warned the FBI on February 1 that 'a Citibank server that processes ATM withdrawals at 7-Eleven convenience stores had been breached,' according to a sworn affidavit by FBI cyber-crime agent Albert Murray."