Madison Square Garden Sports 2026.0 Data Breach

Madison Square Garden Sports 2026 Circulating Data Breach | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

ShinyHuntersSocial EngineeringCustomer Service RecordsDate of BirthEmail AddressFull NamePhone NumberPhysical Address
High SeverityWebsite / service breach

Madison Square Garden Sports 2026 Circulating Data Breach

US sports and live-entertainment company; owner of the New York Knicks (NBA) and New York Rangers (NHL).

Verified by ObscureIQ Intelligence
100/100Breach Risk Index
40Data Value
100Market Recency
12dSince Breach

Breach Intelligence Summary

Entity: Madison Square Garden Sports · Actor: ShinyHunters · Sources: 2 references
Attack: Social Engineering
Profile: Sports & entertainment · Live events and venues · Professional sports teams · USA
Timeline: Breach (2026-06-05) · Year (2026.0)
Exposure: ~9.8M emails (HIBP ~10M; 26M records claimed); ~5M street addresses records · 6 fields: Customer Service Records, Date of Birth, Email Address, Full Name, Phone Number, Physical Address
Status: Confirmed

Executive Summary

In June 2026, Madison Square Garden was targeted in a ShinyHunters "pay or leak" extortion campaign. Initial access came via a vishing (voice-phishing) call to a low-level employee, yielding Microsoft Entra identity access to MSGs client and talent databases. After MSG missed a June 15 ransom deadline, the group published roughly 45GB of data on June 16. The published set included almost 10 million unique email addresses spanning staff and customers, along with names, phone numbers, physical addresses (close to 5 million street addresses), customer-service records, and about 9,500 dates of birth. The attackers claimed roughly 26 million customer and corporate records overall and said the dump also contained Social Security numbers, credit scores, background-check data, facial-recognition/biometric surveillance records, and internal "threat assessments" profiling celebrities and talent (with representative contacts and "cost of talent" fields). Three-plus class actions have followed.

ObscureIQ assessment: Targeting-grade, not merely identity-theft-grade. Attendance records plus home address establish pattern-of-life for frequent venue-goers; leaked representative/relationship contacts fuel impersonation of principals to their own staff (the same vishing vector that caused the breach); and any leaked facial-recognition templates are a permanent, non-rotatable exposure. Response shifts from "monitor credit" to "harden physical and communications posture."

Breach Impact

For ordinary customers this is a large-scale phishing and identity-profiling exposure. For high-profile individuals it is materially more dangerous: the leak is a curated, pre-structured intelligence product (home address, attendance/pattern-of-life, associates and representative contacts, and in some cases a literal risk label), enabling physical predictability, high-credibility impersonation/social engineering, and permanent biometric exposure. Multiple class actions are active in the S.D.N.Y.

About Madison Square Garden Sports

Madison Square Garden Sports Corp. (Dolan-controlled) is a US sports company that owns and operates the New York Knicks (NBA) and New York Rangers (NHL), within the wider Madison Square Garden family of venues and entertainment brands.

Why They Hold Your Data

MSG collects customer identity and contact data, ticketing and customer-service records, VIP/talent profiles, and biometric facial-recognition data from its venue-screening program across Madison Square Garden, Radio City Music Hall, the Beacon and Chicago Theatres, and The Sphere.

Data Points Exposed

6 verified field types
Customer Service Records
Date of Birth High
Email Address
Full Name High
Phone Number
Physical Address

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Physical pattern-of-life targeting from address + venue attendance
  • High-credibility impersonation/vishing using representative and relationship data
  • Permanent biometric/faceprint exposure (cannot be revoked)
  • Tailored phishing citing real MSG attendance/ticket details
  • Conventional identity theft where SSN/DOB present
Threat vectors:

Threat Actor: ShinyHunters

ShinyHunters
Social Engineering

Attribution and method are based on available breach intelligence. Reported attack vector: Social Engineering.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Madison Square Garden Sports breach?

In June 2026, Madison Square Garden was targeted in a ShinyHunters "pay or leak" extortion campaign. Initial access came via a vishing (voice-phishing) call to a low-level employee, yielding Microsoft Entra identity access to MSGs client and talent databases. After MSG missed a June 15 ransom…

What data was exposed?

Verified fields include Customer Service Records, Date of Birth, Email Address, Full Name, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
OIQ + HIBP + independent media
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation