NEW YORK — A massive data breach was reported Tuesday by the owner of the historic Chicago Theater.
Criminals appear to have tapped into the its payment system to glean information on cards used between Nov. 9, 2015 and Oct. 24, 2016 at its merchandise, food and beverage locations at Madison Square Garden, The Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater and The Chicago Theater. The information compromised includes credit card numbers, cardholder names and expiration dates.
The company says the problem’s been fixed, but not before a card-skimmer stole customers’ names, credit card numbers and other data. IT expert Jerry Irvine says the magnetic card system dates back to the 1950’s, so they’re relatively easy to compromise.
“Once I get into that point of sale system, then I have the ability to put a payload on that system, which is just a virus, that allows me to get into anything that it’s connected to,” Irvine said.
The New York company on Tuesday declined to say how many people were impacted, but said it’s working with law enforcement and reaching out to customers about how they can protect themselves.
Customers who may have been affected are encouraged to review their accounts for unauthorized activity and to report it immediately. The company also provided further information on its website.
In a statement, the company said:
“MSG has identified and addressed a payment card issue resulting from external unauthorized access to MSG’s payment processing system at five of its properties. After learning of a transaction pattern indicating a potential data security concern, MSG immediately initiated an investigation and engaged leading computer security firms to examine its network, fix the issue and implement enhanced security measures. The independent forensic investigation shows that no further cards were accessed after the time when signs of unauthorized access were identified. Customers may use their cards with confidence at MSG venues. The company takes seriously the protection of customer information and is in the process of notifying customers to provide them with information on how they can protect themselves.”