Credit cards ripped from Madison Square Garden venues in year-long op

Carders have spent a year stealing an unknown number of credit card numbers from iconic New York City entertainment venue operator Madison Square Garden, after breaching payment card processing systems.

Madison Square Garden disclosed the breach and said it only impacted customers who paid for food, drink or merchandise in person at its venues. Online ticket and merchandise purchases did not expose customers.

Credit card numbers, cardholder names, expiration dates and internal verification codes were stolen from cards at venues Madison Square Garden; the Theater at Madison Square Garden; Radio City Music Hall; Beacon Theater, and Chicago Theater between 9 November 2015 and 24 October this year.

The company released little technical information about the breach, and nothing about the amount of cards affected.

"Findings from the investigation show external unauthorised access to MSG’s payment processing system and the installation of a program that looked for payment card data as that data was being routed through the system for authorisation," the company says in a statement.

"This incident did not involve cards used on MSG websites, at the venues’ Box Offices, or on Ticketmaster," the statement says.

Magnetic stripe data is the most insecure credit card technology. In many nations it has been all-but-deprecated in favour of chip-and-pin technology. Adoption of the improved payment method is still in its early days across much of the United States, making this kind of haul more likely in the land of the free. ®