ShinyHunters Leaks 26M Madison Square Garden Records After Ransom Deadline Passes
The ShinyHunters extortion gang published over 42 GB of data allegedly stolen from Madison Square Garden, including customer records and internal files, after the company failed to meet a ransom deadline.
The ShinyHunters extortion gang has published what it claims is stolen data from Madison Square Garden Entertainment, releasing over 42 gigabytes of files after the organization allegedly declined to pay a ransom. The leak, which appeared on the group's leak site on June 16, 2026, contains more than 26 million records including ticketing operations, customer account details, and internal corporate documents tied to both the New York Knicks and New York Rangers franchises. The group claimed the intrusion occurred on June 5 and that MSG "failed to reach an agreement" despite "all the chances and offers we made."
The leaked dataset includes files referencing Knicks-related personalities alongside internal categorization fields containing address, claim to fame, cost of talent, and direct contact information for those individuals or their representatives. Notably, files indicate that actor Ben Stiller is categorized as "low risk" by MSG, while rapper A Boogie wit da Hoodie is categorized as "high risk." A lawsuit filed Tuesday alleges that hackers accessed sensitive visitor data through MSG's surveillance and facial recognition systems. Plaintiff Carlos Avalos claims his personal information was collected when he attended a concert at MSG in September 2025 and alleges the company has not yet notified those affected.
ShinyHunters, active since at least 2019, is linked to multiple high-profile data breaches, including incidents affecting Okta, AT&T, and Tokopedia. Its typical approach involves stealing sensitive data and using so-called "pay-or-leak" extortion tactics to pressure victims into paying. The group has been particularly active in recent months, with claims against the Council of Europe, Kodak, and Infinite Campus, among others.
This is the second major security incident to affect MSG in under a year. In 2025, the Cl0p ransomware group exploited an Oracle E-Business Suite vulnerability, exposing names and Social Security numbers for at least 38,393 individuals and ultimately leaking more than 210GB of archived MSG files after the organization declined to pay. The recurrence of a significant breach so soon after the Cl0p incident raises serious questions about MSG's security posture and incident response capabilities.
MSG has not yet confirmed the breach or issued a public statement regarding the ShinyHunters claims. The organization faces potential regulatory scrutiny under data protection laws, particularly given the sensitive nature of the exposed data, which includes customer PII and internal corporate documents. The lawsuit filed by Carlos Avalos could also lead to class-action litigation if other affected individuals come forward.
The breach underscores the persistent threat posed by extortion-focused cybercriminal groups like ShinyHunters, who continue to target high-profile organizations with valuable data. The incident also highlights the challenges organizations face in defending against determined attackers, especially when previous breaches have already demonstrated vulnerabilities in their systems. As the investigation unfolds, affected customers and partners will be watching closely for MSG's response and any steps taken to prevent future incidents.