Yesterday, the Madison Square Garden Company notified users that their payment card data may have been stolen by cybercriminals. According to the company, crooks have used a PoS malware on its payment processing system and have stolen payment card data used at the Madison Square Garden in the last year.
Hackers have stolen payment card data, including credit card numbers, cardholder names, expiration dates, and internal verification codes.
The Madison Square Garden company disclosed the security breach and clarified that only customers who physically used their card for food, drink or merchandise payments at its venues. According to the organization, online ticket and merchandise purchases did not expose customers.
MSG disclosed information on the attack neither information on the number of affected users.
The affected cards have been used between 9 November 2015 and 24 October 2016 at several Madison Square Garden venues, including the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theater.
Below the official statement released by the Madison Square Garden
“Findings from the investigation show external unauthorised access to MSG’s payment processing system and the installation of a program that looked for payment card data as that data was being routed through the system for authorisation,” reads the statement.
“Data contained in the magnetic stripe on the back of payment cards swiped in person to purchase merchandise and food and beverage items at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theater between November 9, 2015 and October 24, 2016 may have been affected, including credit card numbers, cardholder names, expiration dates and internal verification codes. Not all cards used during this time frame were affected. This incident did not involve cards used on MSG websites, at the venues’ Box Offices, or on Ticketmaster.”
(Security Affairs – Madison Square Garden, data breach)