I know reading the article means I'm new and all, but it was based on both meatspace and cyber.
"Armed with unauthorized access to FISâ(TM)s card platform, the crooks were able to reload the cards remotely when the cash withdrawals brought their balances close to zero."
This was coordinated between people at the ATM and to someone on the FIS network reloading the cards.