On 22 November, Madison Square Garden Company (The Garden) began notifying its customers that a breach of the point of sale (POS) system had occurred. If you purchased goods at merchandise and food concessions at The Garden’s various properties during the period 09 November 2015 – 24 October 2016, you may be affected.

Properties affected

  • Madison Square Garden,
  • The Theater at Madison Square Garden,
  • Radio City Music Hall,
  • Beacon Theatre, and
  • The Chicago Theatre

Data exposed

The data contained in the magnetic stripe on the back of payment cards swiped in person:

  • credit card numbers,
  • card holder names,
  • expiration dates,
  • and internal verification codes


I visited The Garden, what now?

If you visited any of the above venues during the window of criminal exposure and purchased something from one of the concessions (merchandise or food) and paid for it with a payment card (credit or debit), then The Garden recommends the following: Potentially affected customers are advised to remain vigilant by regularly reviewing their payment card statements for any unauthorized activity. Customers should immediately report any unauthorized charges to their card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of the payment card.

The Garden continues in a separate piece, solidifying the sense that you, the consumer, together with your credit/debit card issuer, are on your own: a multi-page document repeats the data surrounding their year-long breach and then walks you through basic steps of monitoring one’s credit cards, putting freezes on credit reports, etc.

This breach appears to have little effect on the company’s valuation, as the market price of The Garden stock went up, even though the last newsworthy item was about this very incident. What is missing from The Garden’s statements? How many consumers are affected?

But is this unique to The Garden? No. Consumers will remember and may have been affected by the POS breaches of Target, Home Depot, Wendy’s, Dairy Queen, Neiman Marcus, Eddie Bauer, HEI Hotels, and every entity using Oracle’s Micros POS system. From 2013, through 2014, 2015 and now 2016, POS systems have been compromised at a regular cadence.

I’m a retailer, what now?

Every retailer who has a POS system, be it controlled by their own IT team or via a third-party vendor, should hold accountable those responsible for assuring the security and privacy of the consumer’s information. The POS is where the consumer exchanges their credit/debit card for the retailer’s goods, and the consumer should not have to worry if the retailer is information security savvy or not, but they should. If your business doesn’t understand the technology or the systems being discussed, then take a moment and educate yourself, either via the plethora of materials available on POS systems or by engaging any number of reputable security and privacy consultants to do a data flow audit, to ensure the portion of the financial transaction occurring on your premises is secure.