Madison Square Garden Company has just announced that there had been a data security breach for credit cards at five of its properties. Payment card users may have been affected by the breach, but only those who had used their credit cards at merchandise and food/beverage stands at the venues.
Apparently the company began investigations after issuing banks informed them last month of potential abnormalities in transactions and a “transaction pattern indicating a potential data security concern.” The investigation led to the discovery that there had been “external unauthorized access” to the payment processing system at merchandise and food locations at not just “The World’s Most Famous Arena,” but also the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theatre and the Chicago Theatre.
According to a statement, “data contained in the magnetic stripe on the back of payment cards swiped in person to purchase merchandise and food and beverage items at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theater between November 9, 2015 and October 24, 2016 may have been affected, including credit card numbers, cardholder names, expiration dates and internal verification codes. Not all cards used during this time frame were affected. This incident did not involve cards used on MSG websites, at the venues’ Box Offices, or on Ticketmaster.”
MSG Co. says that analysts found the installation of a program that “looked for payment card data as that data was being routed through the system for authorization.”
“After learning of a transaction pattern indicating a potential data security concern, MSG immediately initiated an investigation and engaged leading computer security firms to examine its network, fix the issue and implement enhanced security measures,” the company spokesperson said in separate statement. “The independent forensic investigation shows that no further cards were accessed after the time when signs of unauthorized access were identified. Customers may use their cards with confidence at MSG venues. The company takes seriously the protection of customer information and is in the process of notifying customers to provide them with information on how they can protect themselves.”
The company has not disclosed how many customers may have been affected during the breach, but suggested that card users should review their account statements during the impacted timeframe and report abnormalities to the issuing banks.
During the year-long period, the 5 venues had hosted innumerable number of concerts and sporting events, with the Garden alone holding three Kanye West events, six Adele concerts, four Drake and Future Summer Sixteen shows, two Radiohead concerts and so many more.