The Madison Square Garden Company just disclosed that someone had access to its payment processing system for almost a year. That means all data included on the magnetic stripe of thousands of credit cards — like credit card numbers, cardholder names, expiration dates and internal verification codes — could have been stolen.
Image: Flickr / Miguel Mendez
The breach not only affects Madison Square Garden but also the company’s other venues, including the Theatre at Madison Square Garden, Radio City Music Hall, Beacon Theatre and Chicago Theatre. If you used a credit card at any of these venues to buy merchandise, booze or overpriced food between 9 November 2015 and 24 October 2016, you may want to check your bank statement for anything out of the ordinary.
The Madison Square Garden Company says it has put a stop to the incident. According to the company’s statement, it appears that the card data wasn’t stolen by a physical skimmer placed over the card slot. The company says that it found “external unauthorised access to MSG’s payment processing system and the installation of a program that looked for payment card data as that data was being routed through the system for authorization”. This is essentially a virtual skimmer, that steals your credit card data as it is entered into the Garden’s database.
The thing that sucks about virtual skimmers is that there is essentially nothing you can do to protect yourself. If you suspect a point of sale system to have a physical skimmer attached to it, you could always try giving it a tug to see if anything that’s not supposed to be there pops off. But in the case of virtual skimmers, there isn’t much you can do besides carefully monitoring your bank balance for anything suspicious.
Virtual skimmers are simply just a harsh reality of our digital world. But don’t let them stop you from catching a Taylor Swift concert while holidaying abroad.