ShinyHunters MSG Breach: 26M Records, Facial Recognition Dossiers, and a Vishing Attack That Started With a Phone Call

The CyberSec Guru


The Knicks had just won their first NBA championship in 53 years. Confetti was still in the air when ShinyHunters posted 45 gigabytes of Madison Square Garden’s internal data to their dark web leak site. The timing was not a coincidence.

On June 5, 2026, the same day New York celebrated its long-overdue sports victory, someone at MSG Entertainment answered a phone call they probably thought was routine. That call, a voice phishing attempt targeting a low-level employee, handed ShinyHunters access to Microsoft Entra, the identity platform MSG uses to manage its corporate network. What followed was a methodical exfiltration of over 26 million records spanning customer tickets, internal talent assessments, celebrity threat profiles, and, most troublingly, the biometric facial recognition data of millions of people who thought they were just going to a concert.

This is not the story of a zero-day exploit or some sophisticated nation-state intrusion. It started with a phone call and ended with one of the most invasive data exposures in sports and entertainment history.

Madison Square Garden

What ShinyHunters Stole

Before getting into the mechanics, let’s go through what the dump actually contains, because the breakdown matters.

According to 404 Media’s Joseph Cox, who downloaded and reviewed the 45GB compressed archive after it was published on June 16, the dataset includes multiple distinct data categories:

Customer records (ticketing and support): A data engineer at DataBreach.com who reviewed the files told The New York Times the breach contained approximately 9.8 million email addresses, just under 5 million street addresses with full names and phone numbers attached, and around 9,500 dates of birth. These were drawn from ticketing systems and customer support interactions, consistent with MSG’s venue operations across the Garden, Radio City Music Hall, the Beacon Theatre, and the Sphere in Las Vegas.

Internal “Talent” files: A folder labeled Talent contained records on former Knicks players, coaches, MSG executive family members, and celebrities. Each record included fields like “claim to fame,” “cost of talent,” home addresses, direct contact information for representatives, and in some cases a “threat assessment” field. The criteria behind those threat ratings were not documented in the files. Actor Ben Stiller appears as “Low Risk.” Rapper A Boogie wit da Hoodie is listed as the sole “High Risk” entry in the reviewed portion. No justification is recorded for either classification.

Facial recognition records and biometric data: The leak reportedly includes surveillance logs connected to MSG’s facial recognition entry systems, internal security assessments generated by those systems, and background check data. The full scope of exposed biometric identifiers has not been independently confirmed, but the class action lawsuit filed the day after publication alleges biometric data was captured from concertgoers and later exposed.

Customer complaints about facial recognition: This is the detail that has drawn the most commentary from security professionals. One leaked email in the reviewed sample involves a customer who wrote to MSG expressing concern about being flagged or misidentified by the venue’s facial recognition cameras. That complaint was stored inside the same system being used to run facial recognition. MSG was keeping surveillance complaint records alongside the surveillance apparatus itself.

The activist dossier: A Word document titled “Facial Recognition Activists.docx,” stored inside a folder named “Activists” and accessible from an MSG SharePoint instance, contains detailed profiles on three people who publicly criticized the company’s facial recognition program: Evan Greer, director of Fight for the Future; Albert Fox Cahn, founder of the Surveillance Technology Oversight Project; and Adam Schwartz, privacy litigation director at the Electronic Frontier Foundation. Each profile includes background information, social media handles, follower counts, screenshots of tweets, and quotes from media coverage. One entry is dated December 23, 2022, the timestamp on a tweet Greer had posted 16 hours before it was captured. The document also misgendered Greer, a trans woman.

The total compressed archive is 45GB and represents, according to ShinyHunters, over 26 million customer and corporate records across MSG Sports, the Knicks organization, and the New York Rangers hockey franchise.

The Attack Vector: Vishing into Microsoft Entra

404 Media confirmed through sources familiar with the investigation that ShinyHunters gained initial access to MSG’s environment through a vishing call, short for voice phishing. A low-level MSG employee received the call, was socially engineered into surrendering their credentials, and that access gave the attackers entry into Microsoft Entra, formerly Azure Active Directory, which MSG uses as its enterprise identity and access management platform.

This is the same playbook ShinyHunters ran against Charter Communications in April 2026, where they called a Charter employee, impersonated IT support, obtained Microsoft Entra credentials, and pivoted directly into the company’s Salesforce instance to extract 13 million customer records. It is also how they breached ADT the same month, in that case compromising an Okta SSO account before moving laterally into Salesforce and exfiltrating data on 5.5 million customers.

The pattern is consistent enough that Mandiant, Google’s threat intelligence unit, tracks three distinct ShinyHunters-affiliated vishing clusters. Two are relevant here. UNC6240 has been associated with Salesforce-focused vishing campaigns since 2025. UNC6661, a related cluster Mandiant began tracking in January 2026, adds post-compromise PowerShell execution to pull data from SharePoint and OneDrive. The presence of an “Activists” folder accessible from an MSG SharePoint instance in the leaked data fits that latter, SharePoint-centric collection pattern.

The technical flow in vishing attacks of this type follows a documented sequence. Attackers begin with OSINT: identifying the target organization’s SSO provider, the help desk phone number, and the identity of specific employees reachable by public directory or LinkedIn. They then spoof the help desk number and call the target, impersonating IT support and claiming an account security issue. The employee is directed to a victim-branded phishing page, typically hosted at a domain like [companyname]internal.com or [company]-helpdesk.com, which mirrors the Entra or Okta login portal exactly. When the employee enters credentials, the attacker captures them in real time. If MFA is in use, attackers may relay codes in real time as the employee enters them, or push fatigue attacks to exhaust the victim into approving a fraudulent authentication request.
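The victim-branded landing pages in that sequence are registered before the call is placed, which makes newly observed domains a detection surface of their own. The following script is an added example, not code from the original post or from any vendor named above: it takes a batch of newly seen domains (such as a certificate-transparency or passive-DNS feed) and buckets them by how closely they match the “[company]internal.com” / “[company]-helpdesk.com” pattern. The brand token “examplecorp”, the allowlist, the lure vocabulary and the sample feed are all constructed for the example; the public-suffix handling is deliberately naive (last label treated as the TLD).

```python
import re

# Vocabulary vishing crews append to a brand token when they register
# victim-branded landing pages (the "[company]internal.com" / "[company]-helpdesk.com"
# pattern described above). Assumed list; extend it from your own incident data.
LURE_TOKENS = ("internal", "helpdesk", "support", "sso", "okta", "entra", "login",
               "signin", "portal", "vpn", "myaccount", "verify", "secure", "auth")


def _host(domain: str) -> str:
    """Lower-case and strip any scheme or path so a full lure URL can be fed in."""
    return re.sub(r"^[a-z]+://", "", domain.lower().strip()).split("/")[0]


def _squashed_label(host: str) -> str:
    """Everything left of the last label with dots and hyphens removed, so that
    'examplecorp-helpdesk.com', 'examplecorp.helpdesk.com' and 'examplecorphelpdesk.com'
    all compare equal. (Naive public-suffix handling: the last label is the TLD.)"""
    parts = host.split(".")
    label = ".".join(parts[:-1]) if len(parts) > 1 else host
    return label.replace(".", "").replace("-", "")


def classify_domain(domain: str, brand: str, allowlist: set) -> str:
    """Return 'legitimate', 'high', 'medium' or 'unrelated' for a newly observed domain.

    high   = brand token plus a help-desk/SSO lure token (victim-branded phishing page)
    medium = brand token present but no lure token (worth a look, not an alert)
    """
    host = _host(domain)
    if host in allowlist or any(host.endswith("." + a) for a in allowlist):
        return "legitimate"
    label = _squashed_label(host)
    b = brand.lower().replace("-", "")
    if b not in label:
        return "unrelated"
    rest = label.replace(b, "", 1)
    if any(tok in rest for tok in LURE_TOKENS):
        return "high"
    return "medium"


def triage(observed: list, brand: str, allowlist: set) -> dict:
    """Bucket a batch of newly seen domains (e.g. from a CT-log or passive-DNS feed)."""
    buckets = {"high": [], "medium": [], "unrelated": [], "legitimate": []}
    for d in observed:
        buckets[classify_domain(d, brand, allowlist)].append(d)
    return buckets


# Constructed sample feed for a hypothetical brand; none of these are real observations.
BRAND = "examplecorp"
ALLOWLIST = {"examplecorp.com", "examplecorp.net"}
NEW_DOMAINS = [
    "examplecorp.com",                      # the real corporate domain
    "login.examplecorp.com",                # legitimate SSO host under the real domain
    "examplecorpinternal.com",              # classic "[company]internal.com" lure
    "examplecorp-helpdesk.com",             # classic "[company]-helpdesk.com" lure
    "https://examplecorp-okta.com/login",   # full lure URL, SSO vendor name appended
    "examplecorp-sso.net",
    "examplecorpfans.org",                  # brand token, but no help-desk vocabulary
    "totallyunrelated.com",
]

if __name__ == "__main__":
    for verdict, domains in triage(NEW_DOMAINS, BRAND, ALLOWLIST).items():
        print(f"{verdict:10} {domains}")
```

Running the feed through `triage` puts the four lure-style registrations in the `high` bucket and leaves the real SSO host alone. In practice the `high` bucket is what you feed to a takedown request and to the mail and proxy blocklists before the call to your help desk ever lands.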

Okta has publicly confirmed a surge in this technique, noting that attackers arrive already knowing which identity platform a target organization uses and come prepared with convincing spoofed environments. Google’s Mandiant CTO Charles Carmakal has explicitly named ShinyHunters as the primary driver of the current wave.

Once inside an SSO environment like Entra, the lateral reach is extensive. Entra manages authentication across Microsoft 365, SharePoint, Teams, and any third-party SaaS applications integrated via SAML or OAuth. MSG’s environment, based on what appeared in the leak, included at minimum SharePoint (where the activist dossier lived), internal talent management databases, and customer-facing ticketing systems. Whether the attackers also reached Salesforce or another CRM, as they did at Charter and ADT, has not been confirmed in reporting to date.
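Two of the signals described above leave marks in telemetry most Entra tenants already collect: the MFA relay or push-fatigue step shows up as a burst of failed strong-authentication attempts followed by a success, and the SharePoint/OneDrive collection step shows up as a run of file downloads from a session on an IP the account has never used. The script below is an added example written for this article, not code from the original post, from MSG, or from Mandiant. It runs two such rules over constructed sample events whose field names are modeled on Entra sign-in logs (`createdDateTime`, `userPrincipalName`, `ipAddress`, `errorCode`) and the Microsoft 365 unified audit log (`CreationTime`, `UserId`, `Operation`). The mapping of error code 500121 to an MFA failure, the thresholds, the baseline IP sets and all of the sample data are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Entra sign-in errorCode 500121 is returned when the strong-authentication (MFA)
# step fails or is denied; 0 is a successful sign-in. Assumed for this example;
# confirm against your tenant's sign-in logs before deploying the rule.
MFA_FAILED = 500121
SUCCESS = 0


def _ts(s: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing 'Z' as used in the logs."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def detect_mfa_fatigue(signins, min_failures=5, window=timedelta(minutes=10)):
    """Push-fatigue / code-relay signature: a burst of MFA failures on one account
    followed by a successful sign-in within `window`."""
    by_user = defaultdict(list)
    for e in signins:
        by_user[e["userPrincipalName"]].append(e)
    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda e: _ts(e["createdDateTime"]))
        for i, ok in enumerate(events):
            if ok["errorCode"] != SUCCESS:
                continue
            t_ok = _ts(ok["createdDateTime"])
            fails = [f for f in events[:i] if f["errorCode"] == MFA_FAILED
                     and t_ok - _ts(f["createdDateTime"]) <= window]
            if len(fails) >= min_failures:
                alerts.append({"rule": "mfa_fatigue", "user": user, "ip": ok["ipAddress"],
                               "failures": len(fails), "success_at": ok["createdDateTime"]})
    return alerts


def detect_new_ip_bulk_download(signins, audit, baseline_ips,
                                min_files=50, window=timedelta(hours=1)):
    """Post-compromise collection signature: a successful sign-in from an IP the
    account has never used before, followed by many FileDownloaded audit events."""
    alerts = []
    for ok in signins:
        user = ok["userPrincipalName"]
        if ok["errorCode"] != SUCCESS or ok["ipAddress"] in baseline_ips.get(user, set()):
            continue
        t0 = _ts(ok["createdDateTime"])
        n = sum(1 for a in audit if a["UserId"] == user and a["Operation"] == "FileDownloaded"
                and t0 <= _ts(a["CreationTime"]) <= t0 + window)
        if n >= min_files:
            alerts.append({"rule": "new_ip_bulk_download", "user": user, "ip": ok["ipAddress"],
                           "downloads": n, "signin_at": ok["createdDateTime"]})
    return alerts


# ---- constructed sample telemetry (not real MSG data) ----
T0 = datetime(2026, 6, 5, 9, 0, tzinfo=timezone.utc)


def _iso(dt: datetime) -> str:
    return dt.isoformat().replace("+00:00", "Z")


def _signin(user, minutes, ip, code):
    return {"createdDateTime": _iso(T0 + timedelta(minutes=minutes)), "userPrincipalName": user,
            "ipAddress": ip, "appDisplayName": "Office 365 SharePoint Online", "errorCode": code}


def _download(user, seconds, ip):
    return {"CreationTime": _iso(T0 + timedelta(seconds=seconds)), "UserId": user,
            "Operation": "FileDownloaded", "Workload": "SharePoint", "ClientIP": ip}


def build_sample():
    victim, benign = "j.doe@example.com", "a.smith@example.com"
    attacker_ip, office_ip = "203.0.113.7", "198.51.100.10"
    # Six denied pushes in six minutes, then the victim approves one; attacker's IP throughout.
    signins = [_signin(victim, m, attacker_ip, MFA_FAILED) for m in range(6)]
    signins.append(_signin(victim, 6, attacker_ip, SUCCESS))
    # A colleague fails one MFA prompt, then signs in normally from the office.
    signins += [_signin(benign, 0, office_ip, MFA_FAILED), _signin(benign, 1, office_ip, SUCCESS)]
    # 60 SharePoint downloads in 30 minutes from the victim's session vs. 3 from the colleague.
    audit = [_download(victim, 600 + 30 * i, attacker_ip) for i in range(60)]
    audit += [_download(benign, 300 + 60 * i, office_ip) for i in range(3)]
    baseline = {victim: {office_ip}, benign: {office_ip}}
    return signins, audit, baseline


def run_detections():
    signins, audit, baseline = build_sample()
    return detect_mfa_fatigue(signins) + detect_new_ip_bulk_download(signins, audit, baseline)


if __name__ == "__main__":
    for alert in run_detections():
        print(alert)
```

On the sample data the victim account trips both rules and the colleague trips neither. The second rule is the one that matters for the SharePoint scenario: a single approved push is hard to distinguish from a legitimate login, but a fresh IP immediately pulling dozens of files is not, and it fires whether or not the attacker ever triggered MFA noise. Real baselines should be built from weeks of sign-in history rather than a hard-coded set, and the download count should be scoped to the sensitive sites you care about.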

MSG’s Facial Recognition Architecture

This breach would be newsworthy with any large dataset. What makes it different is what was being surveilled in the first place.

MSG has operated a facial recognition system across its venues since 2018. The technical stack, documented in a detailed Wired investigation by Pablo Torre and Noah Shachtman published in April 2026, has two primary components.

The first is eConnect, a commercial facial recognition platform that processes facial data at venue entry points and generates what the company internally calls instant “digital dossiers” on flagged individuals. When a face matches an entry in the watchlist, the system routes an alert through priority scoring. Individuals classified Priority 2 are flagged with “OBSERVE: DO NOT APPROACH.” Higher priority entries trigger different responses.

The second component is Xtract One’s SmartGateway, an AI-powered camera system physically integrated with metal detectors at arena entrances. Xtract One claims its hardware can process 40 people per minute, a per-lane throughput; a single lane at that rate would need more than eight hours to clear a sold-out Knicks crowd of roughly 20,000, so the venue relies on many lanes running in parallel rather than one quick pass. Every person who walks through those entrances has their face captured.

When a face is flagged, MSG’s internal process calls for building “work-ups”: deeper profiling dossiers on the individual. These contain confirmed personal identification, behavioral notes, movement logs from camera feeds, and in some cases social media monitoring results. The security chief, John Eversole, has been in the role since 2018 and is described in multiple whistleblower accounts and the Wired investigation as the architect of the watchlist and profiling program.

The Wired investigation documented the most detailed known example of how these work-ups function. A trans woman identified pseudonymously as Nina Richards was tracked by MSG security across two years of Knicks game attendance. An 18-page internal dossier compiled by MSG’s Threat Management Group logged her movements in minute-by-minute detail during a single January 2022 game, including the timestamps of when she entered and exited the bathroom. Former MSG employees told Wired that she posed no security threat. The surveillance was driven by Eversole’s reported concern that her proximity to the court could “damage MSG’s reputation” if captured on broadcast cameras. She was eventually banned from MSG after a stalking allegation that a former security officer, Donnie Ingrasselino, alleges in his own lawsuit was fabricated.

Richards was not an isolated case. MSG’s watchlist grew in other documented directions. Starting in June 2022, Eversole reportedly visited the websites of more than 90 law firms that had active or past litigation against MSG, scraped the attorney profile photos from those sites, and fed approximately 1,200 of them into the facial recognition system. Any lawyer whose firm had ever sued MSG, regardless of whether they personally worked on MSG matters, could be turned away at the door. A mother attending a Radio City Christmas show was blocked because a coworker had an unrelated dispute with Dolan. A graphic designer who once made a “Ban Dolan” t-shirt was flagged and barred. A 14-year-old in Colorado who posted something critical on Twitter was in the system. A separate Verge report from earlier this year described a man who had not set foot in an MSG venue in decades being stopped at the entrance because of a shirt he designed years earlier.

MSG’s security staff also reportedly conducted social media monitoring for “sell the team” chants, ran neighborhood patrols staffed by ex-law enforcement personnel, and coordinated real-time alerts through an internal group chat called “Top Flight Security.”

The New York Attorney General Letitia James investigated the ban on lawyers. A state court initially ruled the practice violated anti-discrimination law. An appeals court later reversed that ruling.

The Activist Dossier and What It Proves

The “Facial Recognition Activists.docx” file recovered from MSG’s SharePoint is technically a minor artifact within a 45GB breach. It’s a Word document. It contains three profiles. In a dataset claiming 26 million records, it barely registers by size.

But it matters in a way the raw data volume doesn’t.

The three people profiled, Greer, Cahn, and Schwartz, are among the most prominent voices in the country opposing corporate facial recognition. Greer directs Fight for the Future, which has organized campaign pressure against biometric surveillance at venues. Cahn founded STOP, the Surveillance Technology Oversight Project, which pushed for the New York City bills restricting government facial recognition use. Schwartz leads privacy litigation at the EFF and has been a named attorney in challenges to federal and local facial recognition programs. All three have been cited in major media coverage of MSG’s own surveillance practices.

MSG was not just tracking who enters its doors. It was tracking who criticized the program used to track who enters its doors.

The document, stored in a shared SharePoint folder accessible to multiple MSG staff, suggests this was not a single employee’s personal research project. It was institutional. It was filed. It had a folder. It was dated, cross-referenced to specific social media posts, and organized with background sections for each individual. It was the kind of file a security department or legal department would maintain as a reference document, not a personal curiosity.

Greer’s response was direct: “The fact that MSG is creating dossiers on activists who say things they don’t like shows exactly why private companies should not be allowed to use dangerous surveillance technologies like facial recognition. Large companies can and will use surveillance tech to punish critics, exploit workers, and consolidate power, with no regard for the basic rights they trample in the process.”

Schwartz, whose profile was also in the document, noted that the breach itself creates an obvious opportunity: “The wake of a data breach would be a good time for Madison Square Garden to stop subjecting its patrons to biometric surveillance.”

MSG’s Data Security Track Record

This is the second major breach at MSG in under a year, and far from the company’s first security failure.

Between 2015 and 2016, hackers compromised MSG visitor payment card data through point-of-sale terminals across multiple venues. The breach ran for months.

In August 2025, the Cl0p ransomware group exploited a vulnerability in a third-party vendor’s Oracle E-Business Suite application that MSG used for payroll and HR functions. The intrusion ran undetected from August through December 16, 2025, when it was finally discovered. Disclosed in February 2026, the incident exposed names, home addresses, and Social Security numbers of approximately 131,070 individuals, primarily employees and contractors. The group eventually published over 210GB of archived MSG business records after the company declined to pay.

The ShinyHunters breach in June 2026 is a separate incident on different infrastructure, targeting different systems. Two different threat actors, two different attack vectors, two major exposures within 10 months. The class action complaint filed by Carlos Avalos, who attended a concert at MSG in September 2025 and alleges his biometric data was captured at entry, puts it plainly: “This is not MSG’s first major data breach. And yet, Defendant continued to collect, retain, and otherwise use the personal information of consumers to create threat assessments and for other purposes despite showing it was clearly incapable of handling this sensitive data.”

Three class action lawsuits have now been filed. At least one specifically addresses biometric data exposure. The Avalos case seeks a minimum of $5 million in initial damages.

ShinyHunters in 2026: Industry-Scale Extortion

This breach did not happen in isolation. It is one data point in what has become ShinyHunters’ most aggressive campaign since the 2024 Snowflake supply chain attacks that compromised Ticketmaster (560 million records), AT&T (109 million call records), and Santander Bank (30 million records). AT&T reportedly paid $370,000 to have the data deleted.

In 2026, the group’s confirmed or claimed victims read like a corporate breach digest: Instructure Canvas, 275 million student records across 9,000 institutions; Charter Communications, up to 42 million customer records; ADT, 5.5 million customers; Ralph Lauren, 200GB of data including personal information; Rockstar Games, 78.6 million records via Anodot token abuse; the European Commission, 350GB of data from 42 internal clients. Darktrace research cited in reporting on the MSG breach found that 84% of professional sports organizations experienced a cyber incident in the past 12 months, and 57% were hit more than once.

The FBI issued a formal public service announcement about ShinyHunters in May 2026, describing them as a group “specializing in large-scale data breaches and extortion” that targets “major companies across tech, finance, and retail,” and warning that the group has used harassment tactics, including swatting, against victims and family members.

Mandiant links ShinyHunters to The Com, an international cybercrime network that also includes Scattered Spider and remnants of Lapsus$. The 2026 campaign has used three primary attack vectors. First, vishing to harvest SSO credentials from Entra, Okta, and Google accounts, then pivoting into connected SaaS platforms. Second, exploitation of Salesforce Experience Cloud misconfigurations that exposed customer data through anonymous API access. Third, OAuth supply chain attacks targeting third-party integrations with excessive permission scopes, including the August 2025 abuse of Salesloft Drift tokens (discovered via TruffleHog scanning of code repositories) that gave access to approximately 760 downstream Salesforce customer organizations.

The group added a fourth vector in June 2026: exploitation of CVE-2026-35273, a critical remote code execution zero-day in Oracle PeopleSoft PeopleTools versions 8.61 and 8.62, rated CVSS 9.8. The vulnerability sits in the Updates Environment Management component, specifically the Environment Management Hub (PSEMHUB) endpoints, and requires no authentication, no user interaction, and only HTTP network access to achieve remote code execution. ShinyHunters chained it with older known vulnerabilities using a “gadget chain” approach and automated the exploitation with purpose-built scripts. Between May 27 and June 9, they claimed to have compromised 300 PeopleSoft instances across more than 100 organizations, two-thirds of them universities. Oracle published its out-of-band advisory for CVE-2026-35273 on June 10, the day the campaign was publicly reported. It was a zero-day the entire duration of the attack.

The MSG breach, however, was not the PeopleSoft vector. The vishing-to-Entra path was simpler, faster, and required no exploit development at all.

What This Means for Users

Anyone who purchased a ticket to an MSG venue, contacted customer support, or attended an event at the Garden, Radio City Music Hall, the Beacon Theatre, or the Sphere in recent years should assume their contact information is now publicly accessible on a dark web leak site.

That means full name, email address, physical address, and in some cases phone number and date of birth. That information is sufficient to construct convincing phishing emails or SMS messages. Expect to receive communications that reference your MSG account, past purchases, or recent events with requests to click a link, verify payment details, or reset a password. These will be targeted and they will look real because the attackers have enough context to make them look real.

For anyone whose face was scanned at entry, the exposure is more complicated. Whether the leaked files include raw biometric templates, embeddings from the facial recognition models, or processed watchlist records is not yet confirmed. Biometric data cannot be changed. A leaked password gets reset. A leaked facial recognition embedding is permanent.

For the Knicks players, coaches, executives, and celebrities whose records were in the Talent files, the risks are different again. Home addresses, representative contact information, appearance fees, and internal threat classifications are now public. That is a physical security concern and a social engineering vector simultaneously. The internal categorizations (“Low Risk,” “High Risk”) were assigned under undocumented criteria and are now on record as labels MSG attached to real people without their knowledge. As FusionAuth CEO Brian Bell noted in coverage of the breach: “A password can be reset; a customer’s standing with a brand, once it’s public that they were quietly labeled, cannot.”

The Technical Lessons

A few specific things failed here that are worth naming clearly.

MSG’s Microsoft Entra environment was apparently configured so that a single compromised low-level account could reach sensitive data stores, including SharePoint, talent management systems, and ticketing infrastructure. That is an access segmentation failure. Least-privilege access control, the baseline of any identity governance framework, means a call center employee’s credentials should not open internal HR documents, celebrity databases, or facial recognition logs.

The vishing attack succeeded because whoever answered that call was either not trained to recognize the red flags or was not equipped with a verification process that would have caught the attacker. Organizations defend against this with out-of-band verification requirements: if someone claiming to be IT calls and asks for credentials or account changes, the employee should hang up and call IT directly through an internal directory. It sounds simple. It works. MSG apparently did not have that procedure enforced, or the employee was new enough that they did not know it existed. CrowdStrike research identifies new employees and those in HR, IT, and call center roles as the most frequent vishing targets, exactly because they are trained to be helpful to internal requests.

The activist dossier sitting in a SharePoint folder reachable from the broader Entra environment is a data governance failure. Sensitive internal documents tracking named individuals’ political activities should not sit in a broadly accessible shared folder. Such a file should not exist at all, but if it does, it should be locked behind explicit access controls with access logging.

MSG’s facial recognition system represents a category of infrastructure that the security industry has not fully grappled with. Biometric data collected at scale for security purposes creates an enormous data liability. The more comprehensive the surveillance records, the higher the value to attackers. The eConnect platform and Xtract One cameras at MSG entrances were collecting biometric identifiers from every person who walked through the door. That data was stored, linked to customer records, and used to generate watchlist profiles. When the corporate network was breached, that trove was accessible.

The inverse logic is uncomfortable but real: the more capable the surveillance system, the worse the breach when it happens.

Three class action lawsuits were filed within days. One federal case, Avalos v. Madison Square Garden Entertainment, specifically targets the biometric data exposure under what appears to be a negligence theory modeled on the Illinois Biometric Information Privacy Act (BIPA), even though MSG is a New York venue. That case is likely to test whether venue-level biometric collection, carried out without notice to attendees, meets the standards of the several states whose residents were affected.

Virginia’s biometric privacy law takes effect in July 2026. New York has no equivalent at the state level, though New York City has restrictions on commercial use of biometric data. Illinois BIPA remains the strongest enforcement mechanism in the country for private-sector biometric collection.

The New York Attorney General’s office previously opened an investigation into MSG’s use of facial recognition to ban attorneys. That investigation remains open. The breach and the activist dossier finding add new factual record to whatever that investigation produces.

The activist dossier also raises a question no lawsuit has yet addressed directly: does maintaining a database tracking individuals’ political speech and advocacy, organized by an internal “Activists” folder, amount to retaliation against protected First Amendment-adjacent activity when the company uses the same facial recognition system to potentially bar those individuals from the venue? The EFF has not filed against MSG specifically on this point yet. That may change.

Final Observation

The irony here is not subtle but worth saying plainly. MSG deployed one of the most aggressive private facial recognition systems in the country. It tracked people’s bathroom breaks to the second, ran lawyers off the premises because their employers once filed briefs against MSG subsidiaries, compiled a dossier on the activists calling for restrictions on exactly this kind of surveillance, and stored all of it in a corporate network accessible through a single vishing call.

The surveillance state MSG built for itself became the attack surface. The data collected to monitor others became the data stolen to expose everyone.

Adam Schwartz of the EFF, one of the three people in that dossier, has spent years litigating against facial recognition overreach. He ended up in MSG’s internal files because of it. Then those files became public because MSG could not secure the same infrastructure it used to profile him.

There is no version of that story that ends well for facial recognition as an unregulated corporate tool. The question is whether it ends with legislation or just with the next breach.
