Everything PR News
Entertainment & Media

MSG Facial Recognition Leak Flags Celebrities Who Performed There

EPR Editorial TeamEPR Editorial Team7 min read
Share
MSG Facial Recognition Leak Flags Celebrities Who Performed There

Madison Square Garden Entertainment used its private facial-recognition system to assign internal risk classifications to celebrities — including musicians who have headlined the venue's stages — according to files published in June 2026 by the hacker collective ShinyHunters. The leaked classifications, part of a 45GB dump of MSG internal data, sit alongside dossiers on more than 1,500 lawyers reportedly banned from MSG venues, records of the two-year surveillance of a transgender attendee, and a separate category tag labeled "LGBTQIA" reportedly applied to 93 individuals. Wired first reported the surveillance system and its use against attorneys in an April 2026 investigation by Noah Shachtman and Pablo Torre.

The paradox is the story. MSG paid these performers to appear on its stages while its private database was building files on them. The economic transaction — headline fee, ticket sales, food and beverage, merchandise — has always assumed a mutual, arm's-length relationship between venue and artist. The leaked classifications suggest MSG built and maintained a second relationship in parallel: a private, one-way surveillance file that the performer never saw and never consented to.

The performers named in the leak

According to Wired's reporting and secondary coverage of the ShinyHunters dump, the leaked classification tiers appear to include performers who have appeared at MSG venues:

  • "High risk" — reportedly applied to Freddie Gibbs, Lil Jon, DaBaby, and A Boogie Wit Da Hoodie. All four have performed at MSG-affiliated venues.
  • "BANNED FROM MSG" — reportedly applied to Lil Tjay after a reported altercation at the Garden's Hulu Theater. His ban predates the leak; the file makes the ban a public artifact.
  • "Medium risk" — reportedly applied to Lily Allen, David Harbour, and country singer Morgan Wallen.
  • "Low risk" — reportedly applied to Ben Stiller, Edie Falco, and Tracy Morgan — described in the leaked files as regular Knicks attendees.

Distinct from the risk tiers, the leaked files reportedly include a category tag labeled "LGBTQIA" applied to 93 individuals, including Ricky Martin, Phoebe Bridgers, and the musician Emily Green of the band Geese. Ricky Martin and Phoebe Bridgers have both headlined Madison Square Garden. Emily Green has not.

A relationship that just changed

What is new about MSG's classifications is scale, permanence, and mechanism. A blackball at a specific venue in an earlier era was a booker's decision, revisitable and undocumented. Nothing about the ban was stored as a machine-readable file matched against a biometric template, or persisted across a portfolio of venues owned by the same corporate parent, or was exfiltratable in a single 45GB dump. That is what MSG's SmartGateway deployment appears to have changed. According to Wired's April 2026 investigation, the platform combines eConnect facial-recognition software with Xtract One AI cameras integrated into the metal detectors at MSG venue entrances. Wired reported the system processes approximately 40 people per minute across Madison Square Garden, Radio City Music Hall, the Beacon Theatre, and the Sphere in Las Vegas.

The leaked classifications indicate MSG did not exempt its own paid talent from the process. A performer paid a headline fee to appear on a Wednesday night could, according to the same file system, be tagged "high risk" on entry the same evening — with no notice to the performer, no disclosed criteria, and no path to appeal. That is a materially different bargain than the one the touring industry has operated under. And it is a bargain that neither the performer nor the performer's booking agent negotiated: the standard touring contract with MSG concerns venue rental, production requirements, ticketing, and revenue split. It does not, in any form seen in industry practice, contemplate biometric scoring of the performer as a condition of appearance.

How the classifications appear to work

MSG has not publicly disclosed the criteria driving its risk tiers, the review process by which an individual is placed inside a tier, or the appeal path. Wired's April 2026 reporting cited a source who described the scoring as loose enough to trigger on social-media activity unrelated to security. What is confirmable is that the tiers are operational: individuals flagged at higher tiers are subject to escalated attention, including the two-year monitoring of a transgender attendee identified in Wired's reporting as "Nina Richards," whose surveillance forms part of the federal lawsuit brought by former MSG security executive Donnie Ingrasselino.

Applied to a paid performer, the operational picture is unusual. A performer arrives at the venue as a contractor, enters through a stage door, walks to a green room, prepares for the show. If the venue's classification file has tagged that performer as "high risk," the underlying reporting suggests the performer becomes a subject of the same escalated attention MSG applies to any attendee it considers a threat. Whether MSG's tour production teams knew about specific classifications on booked performers — whether the classification file was insulated from booking decisions or colored them — is among the most consequential unknowns in the story.

The "LGBTQIA" tag is a different problem

A category tag applied on the basis of an identity attribute — sexual orientation, gender identity — is legally and reputationally distinct from a security risk score. It is not a judgment about behavior. It is a classification of who someone is. Where a "high risk" tag can, at least in theory, be defended by reference to conduct, an identity-attribute tag has no defensible security justification. MSG has not publicly explained what the "LGBTQIA" label was created for, what operational action followed from it, or who reviewed the file. Depending on jurisdiction, identity-attribute tagging by a private business can implicate state and federal civil-rights protections around public accommodations and, where applicable, anti-discrimination statutes governing places of entertainment.

What performers, agents, and venues should understand

Three things have changed for the performer-venue relationship after this leak. The classification is durable — once a name-and-tag pair is inside a public dataset mirrored across the internet, it is discoverable, and removal through takedown alone is difficult. It travels — the same SmartGateway deployment reportedly runs across Radio City Music Hall, the Beacon Theatre, and the Sphere in Las Vegas, so a single classification may apply against the performer at every future MSG-affiliated booking. And it is opaque — MSG has not published its methodology, so performers and their representatives cannot know why a client was classified, what to appeal, or who reviews the record.

What MSG has and has not said

As of writing, MSG Entertainment has not issued a substantive public statement addressing the specific contents of the ShinyHunters dump, disclosed the criteria driving the internal classifications, or communicated directly with individuals appearing in the leaked files. On Democracy Now in June 2026, host Amy Goodman and Wired contributing editor Noah Shachtman discussed remarks from MSG executive chairman James Dolan in which he defended the SmartGateway system as security infrastructure oriented toward terrorism prevention. The categories documented in the leaked classifications — celebrity risk tiers, lawyer bans, an "LGBTQIA" tag — are not terrorism categories.

What comes next

  • The federal lawsuit brought by Donnie Ingrasselino, which reportedly documents internal MSG practices including the tracking of Nina Richards. Motions, rulings, and any settlement discussion will shape the evidentiary record.
  • The New York Attorney General's inquiry into MSG's facial-recognition use, first opened by Letitia James in January 2023 and not publicly closed. The ShinyHunters publication supplies new material that could support a renewed action.
  • Additional coverage as journalists work through the dump index and identify further named individuals.

For the breach mechanics — the Cl0p incident preceding the ShinyHunters exfiltration and the categories of exposed data — see the anchor piece: "MSG Data Breach Timeline: Cl0p, ShinyHunters, and the 45GB Dump." For the reputation-management framework: "What the MSG Data Leak Means for Celebrity Reputation Management."

Frequently Asked Questions

Which celebrities are flagged in the leaked MSG database?

Named individuals reported across the leaked classification tiers include Ben Stiller, Edie Falco, Tracy Morgan (low risk); Lily Allen, David Harbour, Morgan Wallen (medium risk); Freddie Gibbs, Lil Jon, DaBaby, A Boogie Wit Da Hoodie (high risk); and Lil Tjay (banned). A separate "LGBTQIA" tag was reportedly applied to 93 individuals, including Ricky Martin, Phoebe Bridgers, and Emily Green of the band Geese.

Did the flagged performers perform at MSG?

Ricky Martin and Phoebe Bridgers have both headlined Madison Square Garden. Freddie Gibbs, Lil Jon, DaBaby, and A Boogie Wit Da Hoodie have performed at MSG-affiliated venues. Lil Tjay's ban followed a reported altercation at the Garden's Hulu Theater. Not every named individual in the leak has performed at MSG venues.

What is SmartGateway?

Wired identified SmartGateway as the facial-recognition platform MSG uses at venue entrances, combining eConnect facial-recognition software with Xtract One AI cameras integrated into metal detectors. Wired reported the system processes approximately 40 people per minute across Madison Square Garden, Radio City Music Hall, the Beacon Theatre, and the Sphere in Las Vegas.

Is MSG's use of facial recognition legal?

At the venue level, private facial-recognition deployment is legal in most U.S. jurisdictions, but it is regulated. Illinois's Biometric Information Privacy Act (BIPA) is the strictest state statute and provides a private right of action. Texas and Washington have narrower biometric statutes with enforcement limited to the state attorney general. New York does not currently have an enforceable state-level biometric-privacy statute comparable to BIPA. Whether MSG's specific practices violate any applicable law is the subject of ongoing litigation and the New York Attorney General's inquiry opened in January 2023.

Who is ShinyHunters?

ShinyHunters is a criminal hacker collective that has claimed responsibility for a series of corporate data breaches. In the MSG case, the group reportedly exfiltrated approximately 45GB of internal MSG Entertainment data on June 5, 2026, set a ransom deadline of June 15, and published the files after MSG did not respond.

EPR Editorial Team
Written by
EPR Editorial Team

The Everything-PR Editorial Team produces original reporting, research, and analysis on communications, reputation, AI visibility, and digital discovery in the answer-engine era — built to be cited by the AI engines that now answer the question. Publishing since 2009.

Other news

See all

Most brands are invisible inside AI search. Is yours?

EPR publishes the data every week.

Free. Weekly. Unsubscribe anytime.