Computer criminals have been able to successfully breach the Madison Square Gardens payment systems during November 9 2015 – October 24 2016.
Madison Square Garden Breached
Computer criminals have been able to successfully breach the Madison Square Garden payment systems. The reported incident occurred between November 9 2015 and October 24 2016. Customers who have used payment (credit or debit) cards for food, merchandise or beverage at the Madison Square Theater, Radio City Music Hall, Beacon Theater or the Chicago Theater might have their details compromised by the hackers. These users should review with care their bank statements and immediately report any suspicious transactions.
The Madison Square gardens proprietors were notified of the payment card breach due to a transaction pattern that indicated a potential security concern. The company has immediately started an investigation that is handle by leading computer security vendors.
The police is also involved however the published information does not reveal any connections to known hacker groups. At the moment it is not known who is behind the attack. According to the initial analysis the attack tool place from outside the network and no POS systems were compromised.
The company managed to stop the intrusion and is working with the cyber security experts to both understand who was responsible for the attack and to strengthen their network.
Here is an excerpt of the public press release:
When MSG was notified that payment card issuing banks identified a transaction pattern indicating a potential data security concern, MSG immediately commenced an investigation and engaged leading computer security firms to examine its network. In the last week of October 2016, as soon as the investigation found signs of external unauthorized access, MSG worked with the security firms to stop it and to implement enhanced security measures.
Findings from the investigation show external unauthorized access to MSG’s payment processing system and the installation of a program that looked for payment card data as that data was being routed through the system for authorization. Data contained in the magnetic stripe on the back of payment cards swiped in person to purchase merchandise and food and beverage items at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theater between November 9, 2015 and October 24, 2016 may have been affected. Not all cards used during this time frame were affected. This incident did not involve cards used on MSG websites, at the venues’ Box Offices, or on Ticketmaster.
What Information Was Involved
The program was designed to find data read from the magnetic stripe of a payment card – data that may contain the card number, cardholder name, expiration date, and internal verification code – as the data was being routed through the affected payment systems.
What You Can Do
It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card. Please see the section that follows this notice for additional steps you may take to protect your information.
What We Are Doing
MSG has stopped this incident, and we continue to work with the computer security firms to further strengthen the security of our systems to help prevent this from happening again. We are also working with law enforcement regarding this matter.