ShinyHunters published 45GB of Madison Square Garden data, including facial recognition surveillance records

The cybercrime group ShinyHunters published 45GB of data stolen from Madison Square Garden Entertainment after the company missed a June 15 ransom deadline. The leaked material includes facial recognition surveillance records, internal threat assessments, and personal information from what the hackers claim are 26 million customer and corporate records. The breach occurred on June 5 and was made public on June 16, days after the New York Knicks won the NBA Finals. The data exposes biometric tracking logs, background check information, and detailed dossiers on attendees, including celebrities like Ben Stiller and A Boogie wit da Hoodie. A federal class action lawsuit was filed the following day by Carlos Avalo, who alleges his biometric data was captured at a September 2025 concert. The complaint accuses MSG of corporate negligence in failing to secure the data it collects, despite clear warnings from privacy advocates. This is MSG's second major breach in under a year, following a separate incident in February 2026 involving the Cl0p ransomware group. ShinyHunters has been on a sustained campaign in 2026, exploiting an unpatched Oracle PeopleSoft zero-day to breach over 100 organizations. The breach raises questions about the security of organizations that invest heavily in surveillance technology, as such systems create high-value data troves that attract cybercriminals.

(Source：TNW)