Hackers Publish Knicks and Madison Square Garden Data Online

A cybersecurity breach targeting Madison Square Garden Sports (MSG) has resulted in the public release of over 26 million stolen records by the hacking group ShinyHunters. The data, published online on June 16, 2026, includes personal information of customers, emails exchanged with MSG staff, internal corporate documents tied to the New York Knicks and Rangers, and internal profiling data such as addresses, 'cost of talent,' and 'claim to fame' for Knicks-related personalities. The breach followed a June 5, 2026, attack, just days after the Knicks won the NBA Finals in five games over the Spurs. ShinyHunters set a June 15 deadline for MSG to negotiate, but the organization did not respond, prompting the group to leak the data. This is not MSG’s first security failure; a 2015–2016 POS malware attack and a 2025 Cl0p ransomware breach exposed payment card data and personal information for thousands. The leaked files include customer emails, internal records, and what appears to be detailed internal dossiers on talent. Cybersecurity analysts describe ShinyHunters as a well-documented threat actor with a history of breaches at Microsoft, AT&T, and Tokopedia, shifting focus from ransomware to pure extortion campaigns. MSG has not issued a public statement addressing the breach, leaving fans and affected individuals without official guidance. The timing of the breach—amid celebrations for the Knicks’ championship—highlights the severity of the security crisis. ShinyHunters’ message remains clear: failure to pay results in public exposure of stolen data. Analysts warn that MSG’s repeated breaches suggest inadequate security measures for an organization of its prominence in global sports.