Detectives say suspects used a key, a phone and a blue Jeep during a four-hour overnight theft.
FAIRFAX, Va. — A late-night crew forced a drive-up ATM to spit out cash and walked away with about $175,000 from an Apple Federal Credit Union branch in Fairfax, police said Monday. The theft unfolded over several hours Oct. 3–4 at the 4200 block of Members Way near Fair Oaks.
Investigators describe the case as Fairfax County’s first known instance of “ATM jackpotting,” a cyber-physical attack that manipulates a machine to rapidly dispense the cash inside. Detectives with the Financial Crimes Unit released surveillance images and a minute-by-minute timeline of how the crew returned to the same ATM multiple times before the machine began pouring out bills. The department says the suspects remain at large. The case has drawn attention from regional bank security teams as authorities review whether similar attempts have happened nearby and whether the method used here matches patterns seen in other states.
According to police, the sequence began Oct. 3 at 10:18 p.m., when a man walked up to the drive-up ATM and used a key to open the cabinet. It was not immediately clear what he did while the machine was open. At 12:28 a.m., Oct. 4, the same person returned in a late-model blue Jeep and opened the ATM again. About 1:15 a.m., two people arrived in the Jeep, accessed the machine for roughly 15 minutes and appeared to record the process with their phones, police said. Shortly after 2 a.m., the driver pulled up and started collecting stacks of cash without inserting a card or touching the keypad, holding a phone toward the slot as the money flowed. He left briefly and returned at 2:09 a.m.; withdrawals continued until 2:44 a.m., investigators said. “Hackers are able to install malware or a virtual ‘black box’ into some ATMs” and make them “jackpot,” Capt. Jesse Katzman said.
Police said the crew targeted the Apple Federal Credit Union branch off Route 29, in the Fair Oaks area west of the City of Fairfax. Surveillance images show multiple suspects tied to a blue Jeep, including one unmasked driver during the cash withdrawals. The Financial Crimes Unit estimates the loss at about $175,000 from a single machine. Detectives said they are still working to determine precisely how the device was compromised, whether through hidden malware, a plug-in “black box,” or by intercepting the network link between the ATM and its processor. A second statement from Katzman underscored the broader impact: “Financial crimes are not victimless crimes,” he said, noting that losses can ripple through lending costs and insurance.
Jackpotting has been reported in scattered U.S. cases for nearly a decade, typically involving off-hours access to an ATM cabinet and a return visit to trigger the payout. Federal prosecutors charged several people last year in a multi-state scheme that looted more than $400,000 from machines in upstate New York. Security advisories have warned that older or poorly hardened units can be vulnerable if attackers gain brief physical access, sometimes by using a master key or by prying open a service panel. Fairfax County police said this is the first time they have documented a jackpotting attack within the county. Apple Federal Credit Union did not immediately respond to questions about any service interruptions or equipment changes at the affected branch. The bank has dozens of ATMs across Northern Virginia.
Detectives said they are reviewing the ATM’s maintenance history, card logs, and nearby surveillance footage to identify every person who approached the machine between 10:18 p.m. and 2:44 a.m. They also circulated still images of at least three suspects, including one unmasked individual, and are coordinating with other departments to see if the Jeep’s movements were captured on traffic cameras. As of Tuesday, no arrests had been announced and no charges had been filed. Investigators said the next steps include forensic analysis of the ATM hardware and software, interviews with service contractors, and follow-up with national industry groups that track jackpotting patterns. Any future court filings would detail exactly how the device was opened and overridden.
On Members Way, the ATM sits in a drive-up lane tucked between parking rows and a tree line. By daylight on Monday, customers filtered in and out of the branch while a strip of caution tape hung near the kiosk. A man who banks at Apple Federal Credit Union said he was surprised to hear about the overnight theft but not the technology. “If they can get into phones and cars, I guess they can get into an ATM,” he said. Another customer said the timeline — returns at 12:28 a.m., 1:15 a.m. and again after 2 a.m. — suggested the crew knew exactly when to trigger the machine. Bank staff at the location declined to comment, referring questions to headquarters.
The investigation remains active, with Fairfax County police reviewing additional video and any forensic clues from the machine. Detectives plan to release updates as they confirm the suspects’ identities and any related incidents. As of Wednesday, Nov. 19, authorities said the next milestone is a technical analysis report on the ATM and a review of regional cases for possible links.
Author note: Last updated November 19, 2025.