Madison Square Garden Discloses Data Breach

The Madison Square Garden Company has disclosed a data breach that may have affected customers at five of its locations. The company, which operates the self-named arena in New York City, along with Radio City Music Hall, Beacon Theater and Chicago Theater among others, believes that cyber criminals have tapped into its payment system between Nov 2015 and Oct 2016. Although the company has declined to say how many people were impacted, it has revealed that credit card numbers, names and expiration dates were stolen.  Richard Cassidy, Technical Director EMEA at Alert Logic commented below.

Richard Cassidy, Technical Director EMEA at Alert Logic:

“This breach highlights the critical need for organisations to implement more effective systems when it comes to the capture, correlation and analytics of data pertaining to card payment processing systems. Shockingly most breaches are discovered by a 3^rd party, which appears to be the case in this instance, but that said we can take it as a positive step that our banking systems are becoming far more effective at detecting misuse of customer credit/debit cards.

“Hackers have become far more sophisticated than ever before, using advanced (and often automated) threat techniques to stay under-the-radar of conventional security monitoring and inspection systems. Whether this particular breach was entirely external in nature is a point of contention; that said however, being able to successfully leak payment card data from MSG’s systems and to then go unnoticed until the cards were used in fraudulent transactions, is a major concern and one that customers will continue to demand reassurance against another breach happening.

“This does highlight the need for consumers to take the lead in the fight against cyber-crime, by continuously replacing cards on a regular (annual if not twice yearly) basis and immediately post any notification of a data breach at an organisation where transactions will have been made. Whilst many credit card companies will take responsibility to protect consumers from fraudulent transactions, the resultant effort to recover those losses can create considerable headache and stress for the families concerned.”