Lawsuit Claims 2026 MSG Data Breach May Have Exposed Sensitive Biometric Info Used For Threat Assessments
Granados v. Madison Square Garden Entertainment Corporation
Filed: June 17, 2026 ◆§ 1:26-cv-05138
A class action lawsuit alleges that Madison Square Garden Entertainment Corp. failed to protect data in its care from a June 2026 cyberattack.
A proposed class action lawsuit alleges that Madison Square Garden Entertainment Corporation failed to protect the sensitive personal information—and potentially biometric-linked threat-assessment data—of employees, visitors and other individuals whose data was compromised in a June 2026 data breach.
Want to stay in the loop on class action lawsuits that matter to you? Sign up for ClassAction.org’s free weekly newsletter.
The 33-page Madison Square Garden data breach lawsuit contends that the iconic Manhattan arena failed to implement reasonable cybersecurity measures to protect the trove of information it collects and stores from millions of people who visit the venue every year, including employees, sports fans, concertgoers and celebrities.
According to the complaint, the cybercriminal group ShinyHunters announced on June 16 that it had infiltrated MSG’s network and accessed 26 million allegedly unencrypted consumer records.
The data breach lawsuit emphasizes the particularly sensitive nature of the information exposed in the breach, given the venue's use of facial-recognition technology and other controversial surveillance techniques to create threat-assessment profiles for visitors.
Per the suit, MSG has collected facial scans and other biometric data since 2018 and combines that information with social media activity and other data to assess perceived security risks. The complaint further alleges that the company’s security systems collect information related to surrounding neighborhoods, local protesters and even law firms that may pursue litigation against the venue.
Related Reading: Madison Square Garden Facing Class Action Over Alleged Use of Biometric Data to Ban Rival Attorneys from NYC Venues
“This is the sort of data which was compromised in the Data Breach – an amalgamation of biometric and sensitive information compiled to create threat assessments for Defendant,” the MSG data breach lawsuit contends.
The complaint says sample data provided to the media reportedly included threat-assessment reporting, addresses, information about celebrities—including actor and Knicks fan Ben Stiller—and internal documents about the costs to secure talent and their contact information.
Despite its extensive investments in security and threat monitoring, MSG allegedly failed to implement basic cybersecurity safeguards, including practices recommended for businesses by the Federal Trade Commission. The suit argues that MSG knew or should have known that it could be the target for cybercriminals given the volume and sensitivity of the information it maintained.
As a result of the breach, affected individuals now face an increased, ongoing risk of identity theft, fraud, and other misuse of their private information, the case claims. The complaint contends that with this data, cybercriminals can commit a variety of crimes and sell it on illicit marketplaces, such as the dark web, where it has high value.
“It is likely that the Data Breach happened because Defendant was not adequately monitoring its systems for breaches; to this point Defendant likely only became aware of the Data Breach because of the ransomware which locked their systems and collected the PII until a ransom was paid,” the filing asserts.
The lawsuit also notes that the June 2026 incident was not MSG’s first cybersecurity event. According to the complaint, a point-of-sale attack compromised the payment card information of visitors in 2015 and 2016, and a separate 2025 attack by another cybercriminal group, Cl0p, exposed the information of current and former employees by way of an Oracle Business Suite vulnerability.
The Madison Square Garden data breach lawsuit seeks to represent all individuals in the United States whose personally identifiable information was maintained by the venue and was compromised in the data breach.
Check out ClassAction.org’s lawsuit list for the latest top class action lawsuits.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Kratom 7-OH Lawsuits
Anyone who has used 7-OH kratom products and suffered a serious injury, such as overdose, heart attack or addiction, may be able to take legal action.
Read more: Kratom 7-OH Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.