MSG Entertainment Hack: Lawsuits Say 26 Million Records Breached, Including Fan & Celeb Data

MSG Entertainment has been the victim of a data breach exposing the personal information of venue visitors, according to several new lawsuits against the company.

The breach, first reported by technology publication 404 Media, was announced by hacker group ShinyHunters on Tuesday (June 16). The hackers reportedly went public with 42 gigabytes of stolen data after MSG Entertainment — which runs Madison Square Garden, the Chicago Theatre, Radio City Music Hall and The Beacon Theatre — refused to pay a ransom.

Three consumer class action lawsuits quickly followed on Tuesday and Wednesday (June 17), accusing the company of negligence for failing to stop the attack. The lawsuits claim that the 26 million records exposed by ShinyHunters are made up of personal information and “threat assessment profiles” for MSG Entertainment venue visitors, including celebrity attendees. These files allegedly identify avid New York Knicks fan Ben Stiller as “low risk” while flagging rapper A Boogie Wit da Hoodie as “high risk.”

The fans in these lawsuits claim MSG Entertainment left itself open to this hack by failing to operate adequate cybersecurity defenses, even though the company maintains significant customer databases that make it a prime victim for malicious actors. The legal complaints note, for example, that MSG famously has a controversial policy of collecting facial recognition information from venue visitors.

“This is an action against defendant MSG for their recidivist disregard for consumer privacy and MSG’s complete and utter failure to properly secure and safeguard personally identifiable information,” reads one lawsuit filed on behalf of New York resident Carlos Avalos, who attended a concert at one of the company’s venues in 2025.

MSG Entertainment had not made any public disclosures about the data breach as of Thursday morning (June 18). Reps for the company did not immediately return requests for comment.