The extortion group ShinyHunters published nearly 45GB of allegedly stolen Madison Square Garden (MSG) data online after what appears to have been a failed ransom demand, according to reporting from The National CIO Review and 404 Media.
The release landed just days after the New York Knicks won the 2026 NBA Finals, drawing unusual public attention to a breach that might otherwise have stayed in security circles.
What Was Published
Journalists who reviewed portions of the leak reported finding:
- Customer correspondence, including emails about MSG’s facial-recognition policies
- Internal talent and relationship records tied to former Knicks players, coaches, celebrities, and family members of executives
- Fields such as addresses, contact details, appearance fees, representative information, and biographical notes
- Internal risk designations — individuals labeled “Low Risk” or “High Risk” without published methodology
ShinyHunters posted a message alongside the dump stating that organizations that refuse to pay should expect stolen data to be published publicly. A group spokesperson told reporters the intrusion occurred on June 5, 2026.

Separate From the March Oracle Breach
This incident appears distinct from MSG’s earlier disclosure. In March 2026, MSG confirmed a breach involving Oracle’s E-Business Suite environment — reporting tied that compromise to the Cl0p ransomware group, which later named MSG as a victim.
The newly published ShinyHunters data involves different threat actors and likely different systems. At the time of reporting, MSG had not publicly responded to requests for comment on the new leak.
Post-Incident Security Posture Assessment
We ran independent EmailMeNow Cybersecurity Audits against MSG and Knicks public-facing domains on June 19, 2026:
| Organization (Domain) | Overall | Risk Level |
|---|---|---|
| Madison Square Garden (msg.com) | 44% | High Risk |
| New York Knicks (nyknicks.com) | 30% | Critical Risk |
| Madison Square Garden venues (thegarden.com) | 54% | Average |
Key takeaways:
- nyknicks.com (30%, Critical Risk) sits in the weakest compliance band — the kind of gap that makes customer and partner email impersonation easier after a data leak.
- msg.com (44%, High Risk) and thegarden.com (54%, Average) also fall short of the 100% ideal for organizations that handle ticket buyer and VIP correspondence at scale.
These public-facing scores do not prove how the ShinyHunters intrusion occurred, but they illustrate the identity and transport weaknesses common at large venues before and after steal-and-leak campaigns.

Audit links:
Why This Matters for Texas Organizations
Modern extortion groups like ShinyHunters often skip encryption-heavy ransomware in favor of steal-and-leak pressure campaigns — the same pattern documented in our April 2026 ShinyHunters roundup and FBI IC3 alerts.
For venues, sports franchises, and hospitality operators — including Texas arenas, event promoters, and ticket vendors — the MSG leak highlights three risks:
- Relationship-management databases are high-value targets. Talent fees, VIP contact lists, and internal risk ratings are embarrassing and useful to attackers.
- Failed ransom negotiations now mean public dumps, not quiet recovery — incident response plans must assume data will be published.
- Repeat compromises are possible. MSG’s Oracle breach and this ShinyHunters leak suggest separate entry points; one cleanup does not eliminate residual exposure.

Defensive Takeaways
- Treat SSO and help-desk social engineering (vishing) as primary ShinyHunters TTPs — enforce MFA, callback verification, and privileged-access monitoring.
- Minimize sensitive categorization data in operational systems; if you track VIP or high-risk patrons, assume those fields could become public.
- Prepare customer and partner notification templates before a leak site countdown expires — regulatory filings often follow public dumps.
- Review hospitality and retail breach trends in state AG data for sector-specific exposure patterns.
Related trackers
- Hospitality & retail tracker
- Texas OAG YTD dashboard
- Ransomware threat landscape
- Monitoring guide
- All state AG trackers
- CA June roundup
- TX June roundup
- Have I Been Pwned
Protect ticket buyers, members, and VIP contacts.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=hospitality-retail or contact EmailMeNow IT Consulting for incident response planning and email security hardening.
Sources: The National CIO Review · 404 Media — Hackers Publish Knicks and Madison Square Garden Data Online · EmailMeNow audits — msg.com · nyknicks.com · thegarden.com