Even if you always look for skimmers and hidden cameras when you use an ATM, you still might be a victim of identity theft if the ATM is later sold on eBay or Craigslist.
A data security expert in Boston demonstrated this vulnerability. After searching Craigslist for a seller, he found a bar owner looking to liquidate assets. He paid $750 for the ATM, and after a hacker friend looked over the accompanying manual, he was able to get 1,000 account numbers to print out. Video is available here.
His local Fox affiliate is running a series on the story, along with some tips for avoiding skimmers and cameras. There’s not much you can do if you used an ATM that is later sold, although you can try to use only bank-branded ATMs in bank offices, and avoid obviously sketchy or out-of-place machines whenever possible. This assumes that the bank will securely wipe their ATMs before disposing of them.