A data breach at Madison Square Garden led to millions of customer records being published online after a ransom demand was not paid. Here’s what happened, what information was leaked, and how you can better protect your personal information.
Table of Contents
What Happened?
The group reportedly stole about 45GB of company and customer data and demanded a ransom payment. When the payment deadline passed, the stolen files were published online.
The incident became public shortly after the New York Knicks won the NBA Championship in June 2026. MSG has not publicly confirmed making any ransom payment.
What Information Was Leaked and Who Was Affected?
The published files reportedly contained around 26 million customer records. Stolen information also included customer support emails and internal talent management files.
The talent files reportedly contained information such as:
- Home addresses
- Appearance fees
- Internal risk ratings
At the time of reporting, there was no confirmation that payment card information was stolen.
Even when financial information is not involved, personal information can still be valuable to criminals. Details from customer records can be used to create convincing phishing emails (fraudulent messages designed to steal information), fake phone calls, or impersonation attempts.
Many people focus on large breaches in the news, but they may not realize their information was affected in other incidents that received far less attention.
If you are not sure whether your information was leaked somewhere online, automatic monitoring can help you spot problems earlier.
Futureproof monitors your data for leaks 24/7 and helps you reduce scam risks with simple, clear steps.
Futureproof keeps your data safer with simple guidance to set a strong password, turn on 2-step verification, and lock down your account.
Check my safetyHow Did the Attack Happen?
MSG has not publicly shared exactly how the attackers gained access to its systems.
However, security experts noted that ShinyHunters frequently targets trusted business systems that store large amounts of customer and internal company information. The group is known for focusing on valuable databases that organizations may not consider their most sensitive assets.
At this stage, the company has not released technical details about the initial intrusion.
At Futureproof, Kevin explains digital safety in simple words, with clear tips and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
