Madison Square Gardens Customers at Risk
Posted by: Timothy Weaver on 11/25/2016 01:45 PM
[
Comments
]
During the last year, customers who attended shows at the Madison Square Gardens have had their information stolen.
Customers include attendees at Rangers, Knick and the Rockettes at the organizations five major venues. Financial companies are reporting a pattern of fraudulent activity with the point of sale systems.
The organization, as well as outside investigators, are reporting that POS systems were accessed by an outside person from Nov. 9, 2015 to Oct. 24, 2016.
The accessed systems included food and merchandise retail POS systems at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theater. The stolen information included credit card numbers, cardholder names, expiration dates and internal verification codes.
“Findings from the investigation show external unauthorized access to MSG's payment processing system and the installation of a program that looked for payment card data as that data was being routed through the system for authorization,” MSG said in a written statement.
Casey Ellis, CEO and founder of Bugcrowd, commented: "Madison Square Garden's breach may be common in that we've seen it before, but it's not common in that we haven't seen much of it lately. In fact this breach bears a strong resemblance to the high-profile POS RAM scraping hacks we saw so much of in 2014 (Target, Home Depot, Neiman Marcus).”
The company has not reported on how many customers may be impacted nor the type of malware that was used.
Richard Henderson, global security strategist at Absolute Software, said: “It's critical to properly segment these networks, actively monitor them for breach indicators, and always assume that these systems have been breached.”
Source: SCMagazine
Customers include attendees at Rangers, Knick and the Rockettes at the organizations five major venues. Financial companies are reporting a pattern of fraudulent activity with the point of sale systems. The organization, as well as outside investigators, are reporting that POS systems were accessed by an outside person from Nov. 9, 2015 to Oct. 24, 2016.
The accessed systems included food and merchandise retail POS systems at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theater. The stolen information included credit card numbers, cardholder names, expiration dates and internal verification codes.
“Findings from the investigation show external unauthorized access to MSG's payment processing system and the installation of a program that looked for payment card data as that data was being routed through the system for authorization,” MSG said in a written statement.
Casey Ellis, CEO and founder of Bugcrowd, commented: "Madison Square Garden's breach may be common in that we've seen it before, but it's not common in that we haven't seen much of it lately. In fact this breach bears a strong resemblance to the high-profile POS RAM scraping hacks we saw so much of in 2014 (Target, Home Depot, Neiman Marcus).”
The company has not reported on how many customers may be impacted nor the type of malware that was used.
Richard Henderson, global security strategist at Absolute Software, said: “It's critical to properly segment these networks, actively monitor them for breach indicators, and always assume that these systems have been breached.”
Source: SCMagazine
Comments
