SYLACAUGA, Ala. – A Venezuelan man previously convicted of bank theft in Oklahoma now faces charges in Alabama for a sophisticated ATM hacking scheme that netted tens of thousands of dollars over Thanksgiving week.
Johnny Cruz Romero, 44, is charged with conspiracy and computer fraud in connection with ATM jackpotting — a cybercrime where malware manipulates machines to dispense unauthorized cash, according to federal investigators.
Court records allege Romero and an accomplice accessed an ATM at Heritage South Credit Union on Nov. 25, stealing $50,200 over several hours. They returned two days later to withdraw another $26,400 using the same technique. Surveillance footage shows the suspects opening the ATM, installing a device, and obscuring the camera.
On Thursday, Nov. 28, officers with the Sylacauga Police Department stopped a black car speeding away from the bank after reports of suspicious activity.
The driver, identifying himself as John Corderra, used a translation app to communicate, claiming to be from Venezuela and heading to Nashville. Officers issued a warning but later linked the car and driver to the ATM thefts after spotting it at the bank again within 30 minutes.
Police detained Romero and discovered devices consistent with ATM jackpotting, along with a substance smeared on the ATM camera.
Romero, who served 14 months in federal prison for a similar scheme in Oklahoma, was identified through fingerprint analysis. Federal probation officials have moved to revoke his supervised release, which began in May. Local charges against him include theft and computer tampering.
Heritage South Credit Union assured members their funds remain secure, emphasizing enhanced security measures.
In a statement on Facebook, HSCU CEO Jamie Payton wrote the following:
“First and foremost, we want to reassure our members that Heritage South Credit Union remains safe and secure. Your money is safe with us, and we are committed to doing everything in our power to protect our members, staff, and our institution. We have worked tirelessly since the breach to implement every possible security measure to safeguard against future incidents.