Madison Square Garden class action overview:
- Who: Plaintiff Henggao Cai filed a class action lawsuit against Madison Square Garden Sports Corp (MSGS).
- Why: Cai alleges MSGS failed to protect customers’ personal information, exposing more than 26 million records in a data breach.
- Where: The Madison Square Garden class action was filed in New York federal court.
A new class action lawsuit alleges Madison Square Garden Sports failed to secure the personal information of millions of customers, leaving it vulnerable to a cyberattack that compromised more than 26 million records.
Plaintiff Henggao Cai filed the lawsuit on June 17, claiming negligence on behalf of the sports and entertainment company allowed cybercriminal group ShinyHunters to infiltrate its data networks and exfiltrate vast amounts of sensitive customer information.
The complaint alleges MSGS has issued no public statement and has not notified affected individuals of the breach, leaving victims unable to assess what data was taken or what steps are being taken to protect them.
Cai alleges he has suffered concrete harm as a direct result of the Madison Square Garden data breach, including time spent researching the incident and monitoring his financial accounts, a loss of privacy, diminished value of his personal information and a continuous risk of identity theft and financial fraud.
The Madison Square Garden class action lawsuit further alleges that class members face an increase in spam calls, texts and emails; ongoing exposure to fraud and identity theft; and significant out-of-pocket expenses for protective measures, such as credit monitoring and fraud alerts.
MSGS has not offered identity theft monitoring or protection services to any affected individuals, the lawsuit alleges.
Cai wants to represent a nationwide class of all individuals in the United States whose private information was compromised in the data breach.
Data breach allegedly exposed guests’ facial recognition data and profiles
According to a Law360 report, the breached data allegedly goes well beyond standard customer records, citing a separate lawsuit claiming the compromised files included facial biometric data, threat assessment ratings and detailed profiles of guests.
Law360 reports that MSGS has long collected biometric facial recognition data from every person who enters its arena, feeding that information into a system called eConnect, operated by a company called Xtract One, into which MSGS invested $6 million.
Allegedly, eConnect builds profiles automatically, including by flagging individuals whose social media activity is deemed unfavorable to the venue, and assigns each guest a threat rating that determines how they are treated by security.
Cai claims MSGS acted willfully and recklessly by failing to implement adequate security measures, neglecting to prevent unauthorized data disclosure and disregarding its own encryption protocols — even for internal use.
Cai demands a jury trial and requests damages, injunctive relief, restitution and lifetime identity theft protection services for all class members.
In a rash of lawsuits stemming from alleged ShinyHunter attacks, cruise liner Carnival is accused of failing to notify its customers after more than 8.7 million records were allegedly exfiltrated by the group on April 18.
What do you think of the allegations made in this Madison Square Garden data breach lawsuit? Let us know in the comments.
The plaintiff is represented by Gary F. Lynch and Gerald D. Wells III of Lynch Carpenter LLP.
The Madison Square Garden class action lawsuit is Henggao Cai v. Madison Square Garden Sports Corp., Case No. 1:26-cv-05103, in the U.S. District Court for the Southern District of New York.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements: