A recent heist robbed two Egyptian banks of $45 million, involved a yet-unknown number of actors in 27 cities around the world, comprised 40,500 fraudulent ATM transactions, and left no fingerprints.
Two Dutch citizens were caught by German authorities last week for their alleged involvement in an elaborate cyber-scheme that tapped the United Arab Emirates' National Bank of Ras Al Khaimah PSC (RAKBANK) for nearly five million dollars and Oman's Bank of Muscat for $40 million.
“I don't know why these banks were targeted in particular, but the methodology behind these kinds of attacks is to canvass hundreds or thousands of institutions and find the ones with the most accessible vulnerabilities,” says Brian Kenyon, vice president and chief technology officer of Security Connected at software-safety company McAfee.
While the banks state that their customers won't suffer a financial loss as a result of the crime, experts say liability for the theft could fall on the processors of the debit cards used to perpetrate the crime, and make it difficult for other financial institutions to get cyber coverage.
“From what I've researched and read, the algorithms used by the processing companies on these prepaid cards were simplistic and easy to get,” says Jim Fidler, vice president of Mobile Technology for mobile-device security company Parabal. “With basic software and a couple pieces of inexpensive hardware, you can duplicate cards and alter their magnetic data strips.”
To perpetrate the scheme, hackers tampered with prepaid and debit MasterCards processed by two companies with locations in India, which Reuters identified as EnStage Inc. and ElectraCard Services. They manipulated the cards' codes to increase their available balances and eliminate withdrawal limits, and then passed the altered codes to thousands of “cashers” who used them to withdraw funds from ATMs.
The attacks were carried out in December and in February, with each long chain of thefts lasting less than 24 hours. The members most likely communicated via aliases on message boards that are closed to the public, says Kenyon.
Earlier this year, eight men were accused by the U.S. Justice Department of being members of one of the crime scheme's cells. Another alleged member of that cell was found dead in the Dominican Republic in April.
The plan's ultimate ringleaders are still at large.
Verizon reports that cyber attacks against financial institutions represent 37 percent of all breaches, manifesting as stolen debit-card information, personal bank account information and even customers' names, addresses and Social Security numbers.
According to the company's 2013 Data Breach Investigations Report, 61 percent of breaches involve planting skimming devices on ATMs to steal magnetic stripe data from payment cards; 16 percent involve using stolen usernames and passwords to gain unauthorized access to web accounts; and 15 percent of breaches were carried out by employees abusing access to intranet systems to sell fraudsters private information.
As a result, more companies than ever are opting for cyber liability insurance: Marsh reports that it saw a 33 percent increase in clients choosing the coverage in 2012 over 2011.
However, according to Kevin P. Kalinich, Cyber Insurance global practice leader at Aon Risk Solutions, the terms of that coverage become fuzzier each time the industry suffers a significant loss. He says that cyber breaches can even extend into Property coverage if business is interrupted as a result of a website shut-down.
“If this was any other industry, like retail, healthcare or hospitality, it would be easier to answer how this event can impact the availability for cyber coverage in the future; from a financial institution standpoint, it can affect crime, professional liability, general liability and also cyber,” he says.
He adds, “Underwriters didn't anticipate what kind of a world we would have in 2013 when they wrote traditional property and general liability policies. They're now scrutinizing policies to exclude perils like hacks…and will tighten up and add exclusions for intangible perils.”
Kalinich concludes, “What companies need to do is take a step back, and instead of only worrying about what kind of insurance we will need, get our IT people together with our legal, financial and product people to discuss the technical defenses for cyber breach, the liability of a breach, the impact of a breach and how to safely offer new services.”