Cyber Incident Victim: Laurentian Bank

On January 28, 2020, Laurentian Bank reported three ATM thefts across locations north of Montreal, resulting in approximately $55,000 in losses. The compromised ATMs were situated in Terrebonne, Saint-Jérôme, and Saint-Eustache. The incident was initially detected on the evening of January 26 when a bank technician contacted Terrebonne police at approximately 11:55 p.m. to report suspicious activity at an ATM near the intersection of Moody and des Seigneurs boulevards. Subsequent investigations confirmed similar breaches at machines in the other two municipalities. Local law enforcement agencies from all three jurisdictions collaborated on the case and requested assistance from the Sûreté du Québec, Quebec's provincial police force, to coordinate the cross-jurisdictional investigation. No arrests or suspect descriptions were disclosed in initial reports.

The attackers employed physical skimming devices attached to the ATMs' card readers to clone bank cards during legitimate customer transactions. According to cybersecurity expert Éric Parent of EVA-Technologies, the thieves supplemented these skimmers with concealed cameras to capture victims' PIN entries. This dual-component attack allowed the perpetrators to create functional card duplicates paired with valid PINs, enabling unauthorized cash withdrawals. The bank confirmed all compromised ATMs belonged to its network but did not disclose technical details about the skimmers' installation timeframe or whether internal security systems detected the tampering. Financial impacts were confined to stolen cash from customer accounts via cloned cards, with no evidence suggesting broader network infiltration or digital system compromises beyond the physical ATM alterations. Laurentian Bank coordinated with law enforcement but did not publicly outline specific remediation measures taken at its ATMs following the incidents.