A hacking group claiming responsibility for a series of high-profile breaches has published data allegedly stolen from Madison Square Garden (MSG), according to reporting by 404 Media cited by WIRED. The leaked data, totaling 45GB and containing millions of records, includes customer personal information and references to players and coaches from the New York Knicks, who recently won their first NBA championship since 1973. The breach has already prompted a federal class action lawsuit.
The Madison Square Garden Data Breach
The published data, allegedly comprising millions of records across 45GB of files, includes potential personal information from customers as well as emails. One file in the sample reviewed by 404 Media purportedly includes the names of "talent," including Knicks members. Additionally, alleged emails in the stolen data include one man complaining about face recognition technology, a topic WIRED has previously reported on in relation to MSG's extensive use of surveillance technologies, including face recognition systems. MSG did not respond to a request for comment from 404 Media.
ShinyHunters' Recent Campaign
ShinyHunters, the hacking and extortion group behind the MSG leak, has been loudly proclaiming a slew of high-profile victims in recent months, according to WIRED. These include:
- Instructure, an education tech firm, causing disruption in thousands of schools.
- Kodak, the photography company.
- A key European human rights organization.
The group's tactics involve extortion and public release of stolen data.
Face Recognition and Privacy Concerns
The MSG breach highlights privacy concerns surrounding the venue's use of advanced surveillance. WIRED has recently reported on MSG's extensive use of surveillance technologies, including face recognition systems. The leaked emails include a complaint from an individual about face recognition technology. This incident parallels other uses of face scanners, such as at bars in San Francisco's Castro district using Patronscan technology to collect facial images and share data across a "safety network," as reported by Gazetteer SF.
Legal and Industry Fallout
After the story of the data leak broke, a federal class action lawsuit was filed over the alleged data breach, according to WIRED. The lawsuit adds legal pressure on MSG, which has not responded publicly. For enterprise IT leaders, this breach underscores the importance of robust cybersecurity measures, especially when handling sensitive customer data and operating surveillance systems. The incident also feeds into broader concerns about data privacy and the risks of collecting biometric information.
| Aspect | Details |
|---|---|
| Victim | Madison Square Garden |
| Data Volume | 45GB, millions of records |
| Content | Customer personal information, emails, references to Knicks players and coaches, complaints about face recognition technology |
| Attacker | ShinyHunters extortion group |
| Status | Data published; federal class action lawsuit filed; MSG declined comment |
As ShinyHunters continues to target organizations across sectors, the MSG breach serves as a reminder that no industry is immune. For technology buyers and security teams, the incident reinforces the need for proactive threat monitoring, incident response planning, and careful data governance, particularly when incorporating biometric and surveillance technologies.
Sources:
