The Madison Square Garden Company just disclosed that someone had access to its payment processing system for almost a year. That means all data included on the magnetic stripe of your credit card—like credit card numbers, cardholder names, expiration dates, and internal verification codes—could have been stolen.
The breach not only affects Madison Square Garden but also the company’s other venues, including the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theater. If you used a credit card at any of these venues to buy merchandise, booze, or overpriced food between November 9, 2015 and October 24, 2016, you may want to check your bank statement for anything out of the ordinary.
The Madison Square Garden Company says it has put a stop to the incident. According to the company’s statement, it appears that the card data wasn’t stolen by a physical skimmer placed over the card slot. The company says that it found “external unauthorized access to MSG’s payment processing system and the installation of a program that looked for payment card data as that data was being routed through the system for authorization.” This is essentially a virtual skimmer, that steals your credit card data as it is entered into the Garden’s database.