Madison Square Garden Sports had data on nearly 10 million accounts exposed after the ShinyHunters group carried out a pay-or-leak extortion campaign and published the stolen data online.
What happened
According to Have I Been Pwned, in June 2026 the sports and entertainment company Madison Square Garden Sports was targeted by the ShinyHunters hacking group in a "pay or leak" extortion campaign. When the company did not comply, the group published the alleged stolen data online, as reported by 404 Media.
What was exposed
The published data reportedly included nearly 10 million unique email addresses belonging to staff and customers. Beyond email addresses, the dataset also contained names, phone numbers, physical addresses, and customer service records, according to HIBP.
Who is affected
Approximately 9.8 million individuals are affected, including both employees and customers of Madison Square Garden Sports. Given the breadth of the dataset, anyone who has interacted with MSG Sports — whether attending events, purchasing tickets, or contacting customer service — may be included.
What to do now
If you have ever provided personal information to Madison Square Garden Sports, be alert for phishing emails and unsolicited phone calls that use your personal details to appear legitimate. Consider placing a fraud alert with the major credit bureaus as a precaution. Use unique, strong passwords for any accounts associated with your MSG Sports email address, and enable two-factor authentication where available.