The Madison Square Garden Company notified customers that there's a chance fraudsters have obtained their credit card information.
In the past year, credit card data used at Madison Square Garden has been taken by thieves, the corporation claims, using a PoS malware on its payment processing system.
Credit card numbers, cardholder names, expiration dates, and internal verification codes are among the payment card data that hackers have obtained.
The Madison Square Garden corporation announced the security lapse and made it clear that only patrons who paid with their cards in person for food, drinks, or merchandise may access its venues. The group claims that buyers were not exposed when they made ticket and goods purchases online.
Source: https://securityaffairs.com/53693/data-breach/madison-square-garden-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/msg-entertainment
"id": "mad214551123",
"linkid": "msg-entertainment",
"type": "Data Leak",
"date": "11/2016",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'In-person purchasers of food, '
'drinks, or merchandise',
'industry': 'Entertainment',
'location': 'New York, USA',
'name': 'Madison Square Garden Company',
'type': 'Entertainment Venue'}],
'attack_vector': 'PoS Malware',
'customer_advisories': 'Public disclosure and customer notification',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Credit card numbers',
'Cardholder names',
'Expiration dates',
'Internal verification codes']},
'description': 'The Madison Square Garden Company notified customers that '
"there's a chance fraudsters have obtained their credit card "
'information. In the past year, credit card data used at '
'Madison Square Garden has been taken by thieves, the '
'corporation claims, using a PoS malware on its payment '
'processing system. Credit card numbers, cardholder names, '
'expiration dates, and internal verification codes are among '
'the payment card data that hackers have obtained. The Madison '
'Square Garden corporation announced the security lapse and '
'made it clear that only patrons who paid with their cards in '
'person for food, drinks, or merchandise may access its '
'venues. The group claims that buyers were not exposed when '
'they made ticket and goods purchases online.',
'impact': {'data_compromised': ['Credit card numbers',
'Cardholder names',
'Expiration dates',
'Internal verification codes'],
'payment_information_risk': 'High',
'systems_affected': 'Payment Processing System'},
'initial_access_broker': {'entry_point': 'PoS Malware'},
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'PoS Malware on payment processing '
'system'},
'response': {'communication_strategy': 'Public disclosure and customer '
'notification'},
'threat_actor': 'Unknown',
'title': 'Madison Square Garden Credit Card Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Payment Processing System'}