Madison Square Garden Labels Loyal Fans Like Fat Joe as 'Medium Risk' in Leaked Database
Quick Look
A leaked Madison Square Garden database reveals that loyal fans, including rapper Fat Joe, are labeled with risk scores like 'medium risk.' The database, published by hacker collective ShinyHunters, also tracks VIPs and political figures, raising concerns about surveillance and data privacy.
AI-generated summary
Why It Matters
A leaked database from Madison Square Garden reveals that the organization assigns risk scores to VIPs, including celebrities and loyal fans, raising concerns about surveillance and data privacy.
Fat Joe is a superfan, both of the New York Knicks and their controversial owner, Jim Dolan. The rapper celebrated with Dolan in Cleveland when the team clinched its first finals appearance in decades. When the Knicks organization came under intense scrutiny over aggressive security measures for game 3 of the NBA finals, Fat Joe stuck up for the boss.
“Shoutout to Mr. Dolan, greatest team owner in the game,” he told reporters at the time. “They villainize Mr. Dolan, like, almost like a Bruce Wayne, like a Batman movie and this is Gotham City … This man takes care of us.”
Within Dolan’s organization, however, some have a different view of Fat Joe. An internal Madison Square Garden database of VIPs labels Joe a “medium risk,” one of roughly 400 celebrities given a risk score. Many of those celebs are courtside fixtures at Knicks games: Edie Falco, Mark Ronson, John Turturro, and Tracy Morgan, to name a few. That makes the 400-ish entries unusual. The vast majority of the 39,539 entries in the so-called “talent” database—which tracks boldfaced names in business, technology, politics, media, and sports, along with their guests—are not marked with a risk score at all.
The database is part of a much larger trove of documents published last month by ShinyHunters, a criminal hacker collective. 404 Media was the first to report on the hack and the release of the VIP roll. But the extent to which Madison Square Garden labeled many of the Knicks’ most visible, loyal fans with a risk score hasn’t been previously revealed, nor has the rationale MSG used to do so.
The database doesn’t provide an explicit explanation for Fat Joe’s “medium risk” designation. But as WIRED has previously documented, MSG security keeps close tabs on what is said online about Dolan and the Garden’s management. Some fans have been targeted by MSG for criticizing the mogul; MSG security even asked local law enforcement to visit a teenager in Colorado after one tweet. “They scared the crap 💩 out of some 14 year old kid in Colorado,” an MSG security staffer texted in a message reviewed by WIRED.
A source with knowledge of the matter tells WIRED that Garden security has performed social media sweeps for prominent people looking for complimentary tickets to games. If you’re a celebrity and you’re marked with a risk score—even as a low risk—it means “you’ve done something in the publicity world, the social media world, that has caught the attention of the wrong people,” the source continues. The talent database, which has entries dating back to December 2020 and includes updates as recent as early June of this year, makes repeated reference to “SM concerns.” Physical security threats—potential harms to people or property—are documented in a separate database, the source says. (The source adds that these sorts of databases are common at arenas.)
Garden security cast a wide net in its search for anything remotely negative that someone posts online, the source says. “It doesn’t have to be that serious. You could just be critical of the team or the place itself,” the source notes. “You could post that you had a hard time getting in and you really didn’t like the way you were treated at one of the gates. Which is really nothing, right?”
According to the source, Fat Joe was flagged because of his connection to another legend of New York City rap, Jadakiss, who had been critical of Dolan in the past. (“It seems like he’s always more happier when the team sucks,” Jadakiss said in 2020.) Jadakiss is designated as a “medium risk.” The other members of his hip-hop trio, the Lox, are also in the database but don’t have a risk score.
“It’s a really, really paranoid, terrible system,” the source says.
The talent database provides a window into how MSG internally views its famous, rich, and powerful visitors—its well-curated “celebrity row” and its hordes of high-profile fans. The comedian (and longtime Knicks obsessive) Adam Pally is “not to be hosted”—Garden lingo for getting free tickets—“due to previous comments.” Pally has at times been critical of the team’s management.
Iconic hip-hop producer and DJ Pete Rock, whose Instagram is a nonstop ode to the team, is nevertheless marked “DO NOT HOST” in the database. After beloved Knicks enforcer Charles Oakley was forcibly escorted from the Garden, Pete Rock says he called for a boycott of Dolan on Twitter. “None of the other owners are as petty as Dolan is,” Pete Rock tells WIRED in a direct message, before addressing his comments to Dolan: “You can’t stop me from being a Knick fan, but your controlling behavior towards people is very unprofessional.”
Daisy Jones and the Six actor Will Harrison is flagged because “GF wrote NYT article.” (Harrison isn't public about his romantic life in the way many stars are, and we couldn’t find an article that was in any way a match.) In the spring of 2024, actress and model Julia Fox appeared courtside in an extremely revealing outfit; by early April, she was barred from getting complimentary tickets. Anna Wintour, Condé Nast’s chief content officer and global editorial director of Vogue, always dresses impeccably when attending Knicks games and has no record of disparaging Dolan. She’s labeled as “medium risk.”
People of concern are ranked on a scale, the source explained. “Flag” is the lowest, an indication to discuss the VIP with a supervisor. Next is “low risk”—that’s the marking for Falco, Morgan, and Ben Stiller, their fellow Knicks ride-or-die. After that is “medium risk” (the actor Lily Allen, her ex David Harbour, and the country singer Morgan Wallen) and “high risk” (the hip-hop stars Freddie Gibbs, Lil Jon, DaBaby, and A Boogie Wit da Hoodie). The rapper Lil Tjay, who recently was involved in an altercation at the Garden’s Hulu Theater, is “BANNED FROM MSG,” according to the database.
Five of the publicly identified attendees at Taylor Swift and Travis Kelce’s Madison Square Garden wedding were marked as “low risk”: the musicians Ice Spice, Selena Gomez, and Benson Boone, the TV host Michael Strahan, and the actor Mariska Hargitay.
The talent database also tracks some celebrities’ race, gender identity, and sexual orientation; 93 entries are marked as “LGBTQIA.” Why MSG felt the need to label Ricky Martin or Phoebe Bridgers or Geese’s Emily Green in this way is unclear.
“I’ve never met James Dolan. I don’t know the higher-up leadership at Madison Square Garden. But, like, there does seem to be a bit of a pattern here,” says Evan Greer, director of the digital rights group Fight for the Future, citing WIRED’s reporting on the Garden’s minute-by-minute surveillance of a trans woman. “They just seem overly interested in queer and trans people in their venue,” Greer adds.
The talent database also seems to hint at how MSG might use complimentary tickets to boost its political agenda. Listed are 32 political candidates who are or were “supported by MSG PAC,” along with hundreds of current and former elected officials. The database also includes a column noting each entry’s “claim to fame.” For nearly 60 people, that involves signing a letter or testifying in support of a renewed permit for Madison Square Garden that Dolan was looking to secure in 2023. That list includes union leaders; a lobbyist; the brother of a brain cancer patient, who had been helped by a charity that works with MSG; and the owner of Don Pepi Pizza, an eatery in New York’s skeevy Amtrak terminal, in Penn Station, which sits beneath the Garden.
None of them, it should be noted, have any kind of risk score.
Also in the hacker collective’s data dump is a second, far larger database. It contains over 10.5 million entries peppered with people’s personal information, which appears to be pulled from the Garden’s Salesforce customer management system. Some entries were added as far back as 2012, and others were edited as recently as June 6. In this database are 9,782,361 unique emails, 2,820,221 unique phone numbers, and 2,956 entries that include birth dates. One of the reporters on this story is included in the database, as is Zohran Mamdani, the mayor of New York City. (As a member of New York’s State Assembly last year, he cosponsored a bill banning places like Madison Square Garden from collecting any biometric data.)
A class-action lawsuit filed against the Garden organization in June claims that this spill of private data was a byproduct of Dolan’s growing surveillance state. “This scandal underscores why MSG Entertainment should not be collecting and retaining sensitive customer information in the first place,” said Surveillance Technology Oversight Project legal director Darío Maestro, whose colleague was included in a brief Garden dossier of activists released in the data dump. A representative for the Garden didn’t respond to a request to comment for this story, nor did most of the VIPs mentioned.
ShinyHunters, the hacker collective that took credit for the Garden hack, has been active since 2019, often stealing massive collections of customer information from companies and holding them ransom. In a 15-month span, ShinyHunters posted hacked data from 60 companies, according to federal prosecutors in Washington state. The group has been the target of international law enforcement agencies for nearly as long. In June 2025, French authorities arrested four alleged members. Around the same time, information security experts began warning that hackers were using “vishing”—short for “voice phishing,” phone calls with bogus voices—to access Salesforce customer databases. By January 2026, those experts were calling the vishing attacks “ShinyHunters-branded” and warning that the attacks were aimed at corporate sign-on services like Microsoft Entra, with the goal of burrowing inside those Salesforce systems. Google Threat Intelligence publicly recommended that companies using Salesforce and Entra “temporarily disable or heavily restrict” access to “self-service password reset portals,” among other measures. Salesforce issued its own warning in March, after ShinyHunters said it hit companies like Panera, GrubHub, and Wynn Resorts, releasing millions of customer records online.
The FBI issued an alert in May, calling ShinyHunters “a cyber criminal group specializing in large-scale data breaches and extortion,” one that targets “major companies across tech, finance, and retail, often stealing millions of customer records at once.”
“ShinyHunters’ continued success against enterprise targets tells us that organizations are still granting far more access than any individual role requires,” one IT security expert, Chris Radkowski, told the industry trade outlet Security Boulevard in early June. The MSG break-in was a “separate incident” from the earlier intrusions, a Microsoft spokesperson tells WIRED. But it's clear there were repeated warnings about this network of hackers trying to get access to these particular sets of data. ShinyHunters announced the Garden hack on June 16.
A member of the ShinyHunters collective told 404 Media that they used “employee vishing on their Microsoft Entra” to reset a password that would then grant them access to MSG’s networks. The hack included sensitive tax documents from a junior employee in a folder marked “personal.” The hackers also appear to have broken into the Garden’s Salesforce system and extracted the millions of records included in the leak. Then they demanded a ransom, warning that they would dump the files online. “Final warning pay or leak,” the collective posted.
The ShinyHunters member claimed they targeted MSG, in part, because of Dolan’s surveillance practices, which includes scanning the faces of everyone who enters his company’s venues, from the Sphere in Las Vegas to Radio City Music Hall in Manhattan to the Garden itself. The leaked documents that WIRED reviewed did not appear to include patrons’ face-recognition data but did contain multiple complaints from people who believed they were erroneously added to a biometric-driven blacklist. ShinyHunters believed MSG would be motivated to protect the information. “Yes we thought they would pay for that reason, but they surprisingly did not,” the member told 404 Media.
The group released 45 gigabytes’ worth of data. “The company held onto a mountain of data it never needed, and ShinyHunters walked off with it,” Maestro said in a statement. “A company that cannot secure a customer list has no business scanning our faces.” A third database, marked “cases,” reveals even more private information, including about high-ranking local officials. The database contains a request for “a full threat management check” on Jessica Tisch and provides her personal phone number, her email, and her home address at the time. Tisch was appointed commissioner of the New York Police Department three months later and remains in the position.
Dolan publicly complained about Tisch’s security measures during the Knicks’ historic NBA finals run, and the mogul appeared to snub Mamdani on the steps of City Hall after the mayor gave an impassioned speech comparing the team’s never-say-die spirit to New York’s.
Nevertheless, the oft-criticized Dolan received a rare rush of goodwill following both the championship and the release of a video from 10 weeks earlier, showing him giving a surprisingly potent pep talk to the team. A Boogie Wit da Hoodie partied with the team after the Knicks won, despite his “high risk” designation from MSG. During the celebratory parade up Broadway, with over 2 million people cramming downtown Manhattan, Fat Joe performed, along with Jadakiss and a who’s who of New York rappers. Maybe they won’t be considered quite so risky next year, when the Knicks return to MSG.
Open Questions
- What is the full extent of MSG's surveillance practices?
- Will there be legal repercussions for MSG's data handling?
- How will this impact MSG's relationship with its fans and artists?





