Week in Review: Madison Square Garden, London Tube & Michigan State University

Media Division | December 9, 2016

Another exciting week in the cyberverse today. Hacking venues, hijacking trains and higher ed: another week of getting schooled in the ways of attacks and hacks.

Here’s a look at three of the top stories in cyberland this week.

Event Takeover

How long does it take to discover you’ve been hacked?  According to some estimates, 200 days or more.  In keeping with that pace, we learned this week that Madison Square Garden may have been hacked as early as November 9, 2015.  The hack was discovered on October 24, 2016.  That means if you paid with a credit card in that time, your information may be compromised.  The hack affected:

• Radio City Music Hall
• Beacon Theater
• Chicago Theater
• Merchandise, food or beverages purchases at Madison Square Garden
• The Theater at Madison Square Garden

Credit card purchases at any of those locations, within those dates, may have been subjected to a virtual skimming tactic, where external access reached the internal point of sale system.

No culprits, nor even confirmation of a sale of the credit card data, have been located.  So, at this point officials are just recommending keeping an eye on your credit card statement for unauthorized charges (which you do at least monthly already, right?).

Advert Takeover

You’ve heard of digital billboards being hacked, even in places like Times Square.  (Ample videos and tutorials of, often hilarious, digital billboards are online).  Well, how about a more old school hijack? A feminist activism group called Sisters Uncut took over advertising displays inside London trains, managing to put almost 100 stickers inside.

Sample messages include: “Demand a strategic plan for all domestic violence survivors. Regardless of immigration status. That supports black and brown. Disabled and LGBT+ survivors.” Also, “You block our Bridges, We block yours. Four out of five women of color who approach refuges for help are turned away.”

The messages protest what the group identifies as societal double-standards and insufficient support for victims of domestic violence. The British government recently pledged to aid Women’s refuges in the country, but opponents say the funds are insufficient, in the wake of recent shelter closures across the country.

The hijack seems to have been heard: #sistersuncut exploded on Twitter.

College Takeover

October is the beginning of application season for would-be college students, with tensions increasing every month.  Add to the stress the fact that personal information might not be secure: data breaches at college campuses give hackers potential access to all kind of personal information.  The most recent school to earn this dubious distinction? Michigan State University, where student information was recently stolen.

So why hack a college? (Other than as the plot of a teen-centric movie?).  Colleges’ records potentially contain all kinds of hackable data, including:

• Student social security numbers
• Student records
• Parent financial information and social security numbers
• School employee personal information and social security numbers
• Alumni data, including potentially personal information
• Donor information and potentially credit card numbers or bank wire information

In an era where just about any data fetches a price on the cyber black market, colleges look like a gold mine comparable to healthcare facilities, particularly large schools with thousands of students and hundreds of employees.

Avoid the Next Takeover

So how do you avoid the next takeover?  General advice always still applies: never giving out personal information when you do not need to, paying with cash or more secure methods and, of course, keeping a look out for tube riders with giant stickers.  (Maybe that’s not so general).

At any rate, stay tuned for weekly hack-prevention lessons from real life cyber news here in your “week in review.”

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.