Back to news
Cybersecurity Alert
June 17, 2026 by EmailMeNow IT Consulting

ShinyHunters Publishes 45GB of Madison Square Garden and Knicks Data After Failed Ransom

The ShinyHunters extortion group published nearly 45GB of allegedly stolen Madison Square Garden data after MSG declined to pay. Independent audits show msg.com at 44% and nyknicks.com at 30% on email and domain security.

Source: The National CIO Review / 404 Media

Data BreachShinyHuntersExtortionCybersecurityHospitality
Madison Square Garden and New York Knicks data breach after ShinyHunters extortion leak

The extortion group ShinyHunters published nearly 45GB of allegedly stolen Madison Square Garden (MSG) data online after what appears to have been a failed ransom demand, according to reporting from The National CIO Review and 404 Media.

The release landed just days after the New York Knicks won the 2026 NBA Finals, drawing unusual public attention to a breach that might otherwise have stayed in security circles.

What Was Published

Journalists who reviewed portions of the leak reported finding:

  • Customer correspondence, including emails about MSG’s facial-recognition policies
  • Internal talent and relationship records tied to former Knicks players, coaches, celebrities, and family members of executives
  • Fields such as addresses, contact details, appearance fees, representative information, and biographical notes
  • Internal risk designations — individuals labeled “Low Risk” or “High Risk” without published methodology

ShinyHunters posted a message alongside the dump stating that organizations that refuse to pay should expect stolen data to be published publicly. A group spokesperson told reporters the intrusion occurred on June 5, 2026.

Illustration: dark web leak site countdown threatening public data release after extortion deadline

Separate From the March Oracle Breach

This incident appears distinct from MSG’s earlier disclosure. In March 2026, MSG confirmed a breach involving Oracle’s E-Business Suite environment — reporting tied that compromise to the Cl0p ransomware group, which later named MSG as a victim.

The newly published ShinyHunters data involves different threat actors and likely different systems. At the time of reporting, MSG had not publicly responded to requests for comment on the new leak.

Post-Incident Security Posture Assessment

We ran independent EmailMeNow Cybersecurity Audits against MSG and Knicks public-facing domains on June 19, 2026:

Organization (Domain)OverallRisk Level
Madison Square Garden (msg.com)44%High Risk
New York Knicks (nyknicks.com)30%Critical Risk
Madison Square Garden venues (thegarden.com)54%Average

Key takeaways:

  • nyknicks.com (30%, Critical Risk) sits in the weakest compliance band — the kind of gap that makes customer and partner email impersonation easier after a data leak.
  • msg.com (44%, High Risk) and thegarden.com (54%, Average) also fall short of the 100% ideal for organizations that handle ticket buyer and VIP correspondence at scale.

These public-facing scores do not prove how the ShinyHunters intrusion occurred, but they illustrate the identity and transport weaknesses common at large venues before and after steal-and-leak campaigns.

Illustration: attacker viewing stolen customer records in a cloud CRM dashboard via compromised API tokens

Audit links:

Why This Matters for Texas Organizations

Modern extortion groups like ShinyHunters often skip encryption-heavy ransomware in favor of steal-and-leak pressure campaigns — the same pattern documented in our April 2026 ShinyHunters roundup and FBI IC3 alerts.

For venues, sports franchises, and hospitality operators — including Texas arenas, event promoters, and ticket vendors — the MSG leak highlights three risks:

  1. Relationship-management databases are high-value targets. Talent fees, VIP contact lists, and internal risk ratings are embarrassing and useful to attackers.
  2. Failed ransom negotiations now mean public dumps, not quiet recovery — incident response plans must assume data will be published.
  3. Repeat compromises are possible. MSG’s Oracle breach and this ShinyHunters leak suggest separate entry points; one cleanup does not eliminate residual exposure.

Illustration: executive receiving encrypted extortion demand with ransom deadline and threat of public data leak

Defensive Takeaways

  • Treat SSO and help-desk social engineering (vishing) as primary ShinyHunters TTPs — enforce MFA, callback verification, and privileged-access monitoring.
  • Minimize sensitive categorization data in operational systems; if you track VIP or high-risk patrons, assume those fields could become public.
  • Prepare customer and partner notification templates before a leak site countdown expires — regulatory filings often follow public dumps.
  • Review hospitality and retail breach trends in state AG data for sector-specific exposure patterns.

Protect ticket buyers, members, and VIP contacts.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=hospitality-retail or contact EmailMeNow IT Consulting for incident response planning and email security hardening.


Sources: The National CIO Review · 404 Media — Hackers Publish Knicks and Madison Square Garden Data Online · EmailMeNow audits — msg.com · nyknicks.com · thegarden.com