NEW YORK–A data breach has been reported by Madison Square Garden Co., which operates the famed arena of the same name, as well as other venues that include Radio City Music Hall.
According to the company, thieves have been stealing payment card data for nearly a year prior to the announcement of the breach.
Madison Square Garden Co. learned of the potential breach after banks noticed transaction patterns that indicated a possible risk of fraud. A follow-up investigation discovered malware that looked for payment card information as it was routed through the system for authorization.
"The program was designed to find data read from the magnetic stripe of a payment card – data that may contain the card number, cardholder name, expiration dates and internal verification code," according to a statement published by Madison Square Garden Co. on its website.
The company reported that it was able to stop the intrusion in late October with the assistance of security firms. It said it has since installed enhanced security measures and informed law enforcement agencies.
No estimate of the number of cards affected has been released. The company said cards that could be involved were used to purchase food, beverages and other merchandise between Nov. 9, 2015, and Oct. 24, 2016, at Madison Square Garden, Radio City Music Hall, Beacon Theater, the Theater at Madison Square Garden as well as the Chicago Theater.
"This incident did not involve cards used on MSG websites, at the venues' box office or on Ticketmaster," the company said in its statement.