In 2008 an international gang carried out an attack that involved fraudulent cash withdrawals from around 2,100 ATMs in 280 cities across the world in less than 12 hours. Some of the countries affected were Russia, the Ukraine, USA, Canada, Estonia, Italy, Hong Kong and Japan.
This was possible because of a cyber attack on the computer systems of RBS Worldpay (which was sold by Royal Bank of Scotland last year). The cyber attack compromised the encryption used by the Worldpay processor to protect customer data on payroll debit cards. This allowed the hackers to increase the account limits on 44 counterfeit payroll debit cards which were then quickly used for cash withdrawal by the gang's contacts at the ATMs across the world. Around $9.4 million was taken during the 12 hour period.
Yevgeny Anikin who was part of the international hacking operation, pleaded guilty in a Russian Court and was given a five year suspended sentence. According to RIA News he said "I want to say that I repent and fully admit my guilt". He also claims to have started to repay some of the amount stolen. He has been under house arrest since 2009 and has used some of the stolen money to buy two apartments and a luxury car.
According to Finextra (http://www.finextra.com/news/fullstory.aspx?newsitemid=22247) a leading member of the gang, Viktor Pleshchuk, got off with a suspended six year sentence from a Russian Court.
His fellow ringleader, Estonian Sergei Tsurikov has been less fortunate; he was extradited to the US to face charges which, if found guilty could see him jailed for up to 35 years.