It is being reported that hackers from ShinyHunters have dumped about 45GB of Madison Square Garden Sports data online after a failed extortion attempt, exposing internal “talent” profiles tied to Knicks-related figures and other celebrities, plus customer emails that reference MSG’s use of facial recognition and risk labels.
404 Media has the details here: https://www.404media.co/hackers-publish-knicks-and-madison-square-garden-data-online/
Brian Bell, CEO of FusionAuth, provided the following comments:
“While there will be plenty of commentary on the celebrity names, the most important aspect of the Madison Square Garden breach is the richness of the identity data. The reported inclusion of a customer complaint about MSG’s use of facial recognition is exactly why identity solutions and their data need to be treated as critical infrastructure. Businesses and their customers are only now realizing that protecting identity is about far more than logins and passwords.
A breach like this exposes decisions an organization made about people — who got flagged, who got sorted into which category — that most of them never knew existed. That’s a different kind of harm than a leaked credential. A password can be reset; a customer’s standing with a brand, once it’s public that they were quietly labeled, cannot. The people in the data carry the exposure, and the organization wears the reputational cost of every private decision it’s now shown to have made.
The industry still treats identity as a backend implementation detail when it should be critical infrastructure — the system that governs access, and everything it stores about people. Treat it that way and you govern it differently: how isolated it is, who can reach it, what the blast radius looks like when something fails. The organizations that come through this AI cycle in good shape will be the ones that made that shift before a breach made the decision for them.”
MSG needs to treat this as a today problem. Because frankly it is a today problem and any lesser response will ensure that the victims are fully exploited.
Related
This entry was posted on June 18, 2026 at 8:57 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Hackers Publish Knicks and Madison Square Garden Data Online
It is being reported that hackers from ShinyHunters have dumped about 45GB of Madison Square Garden Sports data online after a failed extortion attempt, exposing internal “talent” profiles tied to Knicks-related figures and other celebrities, plus customer emails that reference MSG’s use of facial recognition and risk labels.
404 Media has the details here: https://www.404media.co/hackers-publish-knicks-and-madison-square-garden-data-online/
Brian Bell, CEO of FusionAuth, provided the following comments:
“While there will be plenty of commentary on the celebrity names, the most important aspect of the Madison Square Garden breach is the richness of the identity data. The reported inclusion of a customer complaint about MSG’s use of facial recognition is exactly why identity solutions and their data need to be treated as critical infrastructure. Businesses and their customers are only now realizing that protecting identity is about far more than logins and passwords.
A breach like this exposes decisions an organization made about people — who got flagged, who got sorted into which category — that most of them never knew existed. That’s a different kind of harm than a leaked credential. A password can be reset; a customer’s standing with a brand, once it’s public that they were quietly labeled, cannot. The people in the data carry the exposure, and the organization wears the reputational cost of every private decision it’s now shown to have made.
The industry still treats identity as a backend implementation detail when it should be critical infrastructure — the system that governs access, and everything it stores about people. Treat it that way and you govern it differently: how isolated it is, who can reach it, what the blast radius looks like when something fails. The organizations that come through this AI cycle in good shape will be the ones that made that shift before a breach made the decision for them.”
MSG needs to treat this as a today problem. Because frankly it is a today problem and any lesser response will ensure that the victims are fully exploited.
Share this:
Like this:
Related
This entry was posted on June 18, 2026 at 8:57 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.