Law Firm Probes MSG Entertainment Data Breach

The breach was first discovered on or about December 16, 2025, stemming from a vulnerability in a vendor-hosted Oracle eBusiness Suite. An investigation revealed that an unauthorized party first gained access to application data, including personal information, back in August 2025. Compromised files potentially exposed sensitive personal information such as names, addresses, and Social Security numbers. As a result, affected individuals face a heightened risk of identity theft and fraud, prompting recommendations for them to monitor their credit reports and account statements closely. MSG Entertainment began sending notification letters to those affected by the breach. This incident is not MSG's first encounter with data security issues. In 2016, the company disclosed that malware had been capturing payment-card data from its merchandise and food and beverage systems for nearly a year, affecting customers at venues including Madison Square Garden, Radio City Music Hall, and the Chicago Theatre. The company has also faced scrutiny and lawsuits over its use of facial recognition technology to identify and eject individuals, including attorneys from firms involved in litigation against MSG. A former executive even alleged a lack of protocols for the safe handling of data collected through these surveillance methods. The investigation by Edelson Lechtzin LLP, a national class-action law firm, could lead to a lawsuit seeking legal remedies for those whose data was compromised. Such lawsuits often result in settlements that may include monetary compensation, credit monitoring, and identity theft protection for the victims. For the insurance industry, such breaches trigger a range of potential claims and coverage needs. These include costs for credit monitoring services, legal defense, and potential settlements arising from class-action lawsuits, highlighting the significant financial fallout from cyber vulnerabilities.