The venue said it found signs of external unauthorized access in the last week of October. It would have impacted some customers who used their credit card to purchase merchandise and/or food/drink items at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theatre (in Chicago) between November 9, 2015 and October 24, 2016.
[Ads /]
"Every event and venue, every concession, anyone who's bought a pretzel, hot dog or a beer, is in trouble," said Paul Oster, a credit expert.
"Findings from the investigation show external unauthorized access to MSG's payment processing system and the installation of a program that looked for payment card data as that data was being routed through the system for authorization," the company posted on its website.
The system hack was designed to find data read from the magnetic stripe of a payment card - data that may contain the card number, cardholder name, expiration date, and internal verification code.
This is why the credit industry has switched to cards with electronic chips, but many merchants, evidently MSG, have been slow to make the change themselves.
"If you swipe a credit card instead of using a chip reader, you are really leaving yourself wide open for someone to steal all the information that's contained in that magnetic strip," Oster said.
Madison Square Garden said it has since stopped the incident. The breach does not affect all cards used during this time, but it did not disclose how many were or weren't involved.
The credit card breach does not involve credit cards used on MSG websites, at the venues' box offices or on Ticketmaster.
[Ads /]
The company offered this advice to cardholders who were possibly involved:
"It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner."
MSG said anyone with questions with regard to the breach may call them at 844-319-9619 from 9 a.m. to 9 p.m. EST, Monday to Friday (excluding major holidays).