Madison Square Garden Concessions Hacked for a Year

Madison Square Garden Company (MSG) announced this week that hackers compromised point of sale systems at a number of their properties.

madisonsquaregarden-flickr-Rich Mitchell
Photo Courtesy of Rich Mitchell (Flickr) under a Creative Commons License

The properties include Madison Square Garden, Beacon Theatre and Radio City Music Hall among venues.

One more time, it appears that the hack happened with the point of sale system that runs the concession stands at those properties.

The breach, they say, started in November 2015 and was shut down in October 2016 – a full year.

The data that was compromised is what we usually see – names, credit card numbers, verification codes and expiration dates.

MSG has not said how the hackers got in or how many cards they took.  We do not know, of course, whether this is because they have no idea or because they are keeping the details quiet in anticipation of one or more lawsuits.  If there are lawsuits, these details will likely become public, but that is an if.

As is usually the case, MSG did not figure out themselves that they were hacked.  In their case, it was not the FBI that came to visit them, but rather the credit card companies – the folks that get to eat the losses.

MSG also owns venues in Boston and Los Angeles but they have not indicated that the problem extended to those locations.

They did say that the data was compromised as it was being routed through the system for authorization.  If this is true, then it seems likely that MSG concession stands did not have chip card readers in place.  Chip card readers encrypt the data before it leaves the card reader, making it difficult to compromise while being routed through the system.  This is speculation on my side.  If this is true, then MSG has way more liability for the costs of the breach.

MSG has not said whether they have cyber insurance or whether they will be writing checks themselves.

They also have not said whether the concessions are outsourced to another company  which is relatively common.

They also have not said if a third party vendor who may have maintained the POS terminals was the source of the compromise.

For some reason, this story was a bit difficult to piece together, requiring a number of sources just to collect these limited facts.  MSG. I am speculating,  just hopes to get this issue behind them quickly.

Information for this post came from the NY Daily News, Billboard and NBC TV 4 New York .

[TAG:BREACH]

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code