A press release from The Madison Square Garden Company Tuesday has revealed that customer payment information was compromised during a nearly year-long period at five venues owned by the company, including the location of the quarterfinals and semifinals for the 2016 League of Legends World Championship.
The investigation into the stolen credit card information is being handled by the United States Secret Service, with the New York Police Department assisting them, an NYPD spokesperson told theScore esports. A representative of the U.S. Secret Service's confirmed that the agency's Electronic Crimes Task Force is investigating the matter in cooperation with the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC), but could not comment on details of the investigation.
The Secret Service is best known for its protection of the United States' highest elected leaders, but it is also tasked with protecting the nation's financial infrastructure from a wide range of crimes.
MSG's initial investigation showed that there had been "external unauthorized access" to the payment processing system used at both merchandise and concession stands at Madison Square Garden, The Theater at Madison Square Garden, Radio City Music Hall, Beacon Theatre and The Chicago Theatre. The LoL Worlds quarterfinals were held at The Chicago Theatre from Oct. 13-16, while the semifinals took place at Madison Square Garden from Oct. 21-22.
The access, which included "the installation of a program that looked for payment card data as that data was being routed through the system for authorization," affected customers who swiped cards at the aforementioned venues from Nov. 9, 2015 to Oct. 24, 2016.
Any data contained in the card's magnetic stripe could be compromised, "including credit card numbers, cardholder names, expiration dates and internal verification codes," according to the press release. According to MSG, not all cards used during the time period were affected.
The release states that MSG became aware of the issue near the end of October, and that it has since been corrected. Additionally, it clarifies that purchases online, on Ticketmaster, or at the box offices at the venues were not affected by the intrusion.
"After learning of a transaction pattern indicating a potential data security concern, MSG immediately initiated an investigation and engaged leading computer security firms to examine its network, fix the issue and implement enhanced security measures," MSG said in the statement.
"The independent forensic investigation shows that no further cards were accessed after the time when signs of unauthorized access were identified. Customers may use their cards with confidence at MSG venues. The company takes seriously the protection of customer information and is in the process of notifying customers to provide them with information on how they can protect themselves."
Kimberley Kerns, the senior vice-president of communications for The Madison Square Garden Company, said that they would not offer any comment beyond the statement.
A representative for Riot Games could not be immediately reached for comment.
Cardholders should immediately report any suspicious charges to their card issuer; a phone number is typically noted on the back of the card. MSG has also stated that customers with questions can contact them by phone at (844) 319-9619 from 9 a.m. to 9 p.m. ET, Monday to Friday (excluding major holidays).
Last updated Nov. 24 at 8:15 a.m. ET.
Josh "Gauntlet" Bury is a news editor for theScore esports. You can find him on Twitter.
Sasha Erfanian is a news editor for theScore esports. You can find him on Twitter.