Cyber Incident Victim: Argenta

In July 2020, Belgium experienced its first documented jackpotting attacks targeting Argenta, a savings bank headquartered in Antwerp. The incidents occurred on consecutive days in West Flanders, with ATMs in Roeslare compromised on Friday, July 10, followed by an attack in Ingelmunster on Saturday, July 11. Jackpotting—a form of logical attack—involves installing malicious software or hardware on ATMs to forcibly dispense cash, often requiring physical USB access or network-based malware deployment. Argenta responded by immediately shutting down 143 ATMs across its network over the weekend to contain further risk. These attacks mirrored two earlier unsuccessful attempts in June against ATMs in Ranst and Borsbeek, all targeting outdated Diebold-manufactured machines that had been slated for replacement prior to the incidents. The bank did not disclose whether cash was stolen during the July attacks or confirm the attackers' operational success.

Belgian federal police launched an investigation into the incidents, operating under the hypothesis that the same criminal group orchestrated both the June and July attacks. Argenta spokesperson Christine Vermylen acknowledged that despite prior security upgrades, the legacy ATM models remained vulnerable to criminal targeting, prompting the preemptive deactivation of all 143 devices. The bank accelerated plans to replace the compromised ATMs with new models, originally scheduled for later in 2020, though no specific timeline for completion was provided. No customer data breaches or digital banking system compromises were reported in connection with the jackpotting incidents, which exclusively affected physical ATM hardware. The operational disruption impacted cash access for Argenta clients during the ATM shutdown period, though the bank did not quantify the financial or service continuity repercussions.