A massive data breach at Madison Square Garden has exposed the facial recognition and personal records of millions of visitors, sparking outrage and legal action. The cybercrime group ShinyHunters leaked 45 gigabytes of stolen data after the arena’s parent company missed a ransom deadline, raising serious concerns about biometric privacy and surveillance.
The breach, which reportedly occurred on June 5, 2026, involved the theft of what hackers claim are 26 million customer and corporate records. The leaked files include biometric tracking logs, internal threat assessments, background check information, and detailed dossiers on attendees—some dating back to 2018. Among the exposed data were references to New York Knicks players, coaches, and talent, with fields listing addresses, contact details, and even “cost of talent.” Customer emails were also part of the dump, including messages from fans who had previously expressed concern about being misidentified by MSG’s facial recognition cameras.
What makes this incident particularly alarming is MSG’s extensive use of facial recognition technology across its venues. For years, the arena has deployed biometric systems to screen visitors—and controversially, to ban lawyers from firms that have sued the company. The leaked surveillance records now reveal how deeply the venue tracked individuals, creating detailed profiles without clear consent. Privacy advocates argue this breach underscores the risks of unchecked biometric data collection, especially when security practices fail to protect such sensitive information.
In the wake of the leak, a federal class-action lawsuit—Avalo v. MSG Entertainment—was filed on June 16 in a New York court. The plaintiff, Carlos Avalo, alleges his biometric data was captured during a 2025 concert visit without proper disclosure or consent. The suit seeks at least $5 million in initial damages and highlights violations of biometric privacy laws. This is not MSG’s first major breach in under a year, further eroding trust in the company’s ability to safeguard visitor data. Despite repeated requests, MSG Entertainment has not publicly confirmed the full scope of the breach or commented on the lawsuits.
The ShinyHunters group, known for targeting high-profile organizations like Kodak and Instructure, claimed responsibility for the attack, alleging they gained access by socially engineering a low-level employee. The incident serves as a stark reminder of the vulnerabilities in even the most advanced surveillance systems—and the human element that often remains the weakest link. As investigations continue, the breach raises urgent questions about the ethics of biometric data collection, the adequacy of current privacy regulations, and the responsibilities of venues that turn guests into data profiles.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
