ShinyHunters claims – Hackers behind ShinyHunters claim they’ve leaked stolen Madison Square Garden records, including millions of files tied to Knicks players and coaches. The publication follows years of MSG surveillance scrutiny and comes as a federal class-action lawsuit is fil
When the Knicks won their first NBA championship since 1973, the victory should have belonged to the fans.
Instead, a hacking and extortion group called ShinyHunters is now claiming it has published stolen data from Madison Square Garden—turning celebration into another round of anxiety over who has access to people’s information.
ShinyHunters has been publicly naming high-profile victims in recent months. including the education tech firm Instructure. the photography firm Kodak. and a key European human rights organization. In this latest move, reporting by 404 Media says the group published data allegedly stolen from Madison Square Garden.
The file dump, as described in the reporting, is said to include millions of records across 45 gigabytes of files. It allegedly includes potential personal information from customers and references players and coaches from the Knicks. A sample reviewed by 404 Media included one file purporting to contain the names of “talent,” including Knicks members.
The timing is particularly sharp: the data was published not long after the Knicks’ championship win. And the controversy lands on top of scrutiny that Madison Square Garden has already faced for its surveillance practices.
WIRED has previously reported on Madison Square Garden’s extensive use of surveillance technologies, including face-recognition systems. In the newly published material, alleged emails reviewed by 404 Media include one man complaining about face-recognition technology. Madison Square Garden did not respond to the publication’s request for comment.
Within days of the story breaking, a federal class-action lawsuit was filed over the alleged data breach.
Taken together. the allegations point to a familiar and frightening problem: even when companies deploy surveillance and data systems with the promise of safety or improved operations. a single breach can turn everyday interactions—ticketing. attendance. and customer identities—into records that end up in the hands of outsiders.
The stakes don’t stop at one venue, either. The same broader security and privacy pressures show up elsewhere in this week’s tech news roundup—from governments expanding and testing face-scanning tools to changes in how Apple protects email privacy. In the UK. the country will soon begin scanning the faces of asylum-seekers as part of age checks despite evidence that age evaluation and verification tools are deeply flawed and can make mistakes with life-altering consequences.
In San Francisco’s Castro District. at least three bars have been using face scanners at their entrances with tech from Patronscan. according to Gazetteer SF. Staff can log customers who are fighting, being involved in theft, or engaging in other negative behaviors. Face recognition can then identify the person the next time they arrive. and recorded information can be shared as part of a “safety network” between other firms using the technology.
France, meanwhile, is tightening its stance on foreign software for intelligence work. The Direction Générale de la Sécurité Intérieure announced it would stop using Palantir’s data and AI tools in the coming years. replacing them with software from French firm ChapsVision. French prime minister Sébastien Lecornu said. “We must use our own AI models. ” and “We cannot rely on tools developed by foreign powers. France must have its own tools.” Germany’s intelligence agency BfV has taken a similar path. announcing last month it would use ChapsVision instead.
Even consumer privacy is in motion. Apple’s “Hide My Email” tool generates random email addresses to sign up to websites and apps without handing over personal info. But Apple is set to change the domain used to create those addresses. At present, the addresses use the @icloud.com domain. Going forward, as TechCrunch reported this week, Apple plans to use the domain: @private.icloud.com. The shift could make it easier for firms to detect when people are using the service and push users to sign up with different emails.
Back in New York. ShinyHunters’ claim about Madison Square Garden is now in court. with a federal class-action lawsuit filed over the alleged breach. For fans and customers. the question is no longer abstract: what happens to personal data once it’s been collected. processed. and—if these claims are true—taken out of the building entirely.
Madison Square Garden data leak ShinyHunters Knicks surveillance face recognition data breach federal class-action lawsuit 404 Media
So basically the Knicks won and then hackers still ruin everything… cool.
Wait, is this saying MSG was already spying on people with face recognition and then those records got hacked? Like… surprise. I can’t even go to a game without feeling watched now.
I don’t get how 45 gigabytes is “millions of files” but sure. Also the article mentions Knicks players/coaches, so does that mean their personal info is in there too or just “talent” like guest list stuff? Either way, class action will do nothing.
This is why I don’t trust arenas. First it’s the surveillance tech, then hackers drop “data,” and everyone acts shocked. Madison Square Garden should’ve secured it but also why were they collecting faces in the first place? Sounds like both sides are guilty to me, idk.