The passwords and debit-card numbers of at least five people have been stolen from customers of Langford's Station House Pub, which has been hit by two security breaches in the past month.
The Vancouver Island chapter of the RCMP's commercial crime unit investigated the pub's card readers two weeks ago and confiscated a machine that was used to obtain information from at least five customers between June 18 and 21.
On Monday, a second compromised machine was taken, prompting police to encourage customers to carefully examine their statements.
"If you have any discrepancies, cancel the card immediately and contact the RCMP as well," said West Shore RCMP spokesman Sgt. Max Fossum.
"People are contacting the banks, but not getting the information to us, and it's kind of stalling the investigation."
Fossum said it is easy for someone to swap an unsecured PIN pad. "All it takes is 10 seconds," he said.
Police say there may not be a link between this incident and an earlier theft of credit card information from the Goldstream Avenue pub.
In early July, police reported that a computer hacker bypassed a faulty computer firewall and had full access to dozens of cards through the pub's paymentprocessing software.
The credit card numbers of more than 50 people were obtained in the incident, which the commercial crime unit called the most sophisticated data breach it had seen in years.
Pub owner Bill Beadle has since updated his computer's security, Fossum said. He is also planning to bolt the pub's PIN pads to the counter.
Digital Defence is a leading provider of information security services focused on preventing and responding to security breaches in Toronto, the GTA, Canada and the US markets.
Our global clients - ranging from Fortune 500 businesses to small- and medium-sized enterprises, secure their networks and critical information by taking advantage of Digital Defence's unique capabilities:
- Our people possess extensive experience and industry leading credentials. Commensurate with the trust that is placed in them, they hold Government-issued security clearances
- Whether conducting Penetration Testing ("ethical hacking"), Compliance Assessment, or, Data Forensics our structured service delivery model ensures that your IT security is aligned and customized to your specific business objectives