ShinyHunters allegedly breached Madison Square Garden Entertainment by socially engineering a low-level employee over the phone and stealing Microsoft Entra credentials, then published a 45GB archive after a failed "pay or leak" extortion attempt. Reporting says the intrusion exposed data tied to Madison Square Garden, Radio City Music Hall, the Beacon Theatre, and the Sphere in Las Vegas, with the dumped records including customer and support data, internal corporate and talent files, and other sensitive operational information.
The leaked dataset reportedly affected about 9.8 million unique email addresses and included nearly 5 million street addresses with names and phone numbers, roughly 9,500 dates of birth, and additional employment and customer relationship records. Multiple reports also say the breach exposed highly sensitive surveillance and biometric information, including facial-recognition-related records, celebrity threat profiles, activist dossiers, and internal watchlist data, prompting class action lawsuits and renewed scrutiny of MSG's identity security and facial recognition practices.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
The breach triggered multiple class action lawsuits, including at least one alleging that biometric data from concertgoers was exposed. The legal actions also intensified scrutiny of MSG's facial-recognition and surveillance practices.
In June 2026, Madison Square Garden Sports was targeted in a ShinyHunters 'pay or leak' extortion campaign following the intrusion. The campaign affected staff and customers and involved allegedly stolen corporate and customer data.
On June 16, 2026, the threat actor published a 45GB archive of allegedly stolen MSG data after the extortion attempt. Reports say the leak exposed roughly 9.8 million email addresses and extensive customer, employment, surveillance, and biometric-related records.
On June 12, 2026, ShinyHunters reportedly announced it had stolen Madison Square Garden company data and threatened to release more than 26 million records unless a ransom was paid. The announcement marked the public start of the group's pay-or-leak pressure campaign against MSG.
ShinyHunters allegedly compromised Madison Square Garden Entertainment on June 5, 2026 by socially engineering a low-level employee over the phone and stealing Microsoft Entra credentials. Reporting says the intrusion relied on human deception rather than a disclosed software exploit.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
6 references tracked. Mallory keeps watching after this page renders.
cysecurity.news
Open sourceteiss.co.uk
Open sourcethecybersecguru.com
Open sourcesecuritymagazine.com
Open sourcemalware.news
Open sourcehaveibeenpwned.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.