A 45-gigabyte data breach just proved the activists right. When cybercrime group ShinyHunters dumped Madison Square Garden’s internal files online after a missed ransom deadline, buried in the haul was a Word document titled “Facial Recognition Activists.docx.” Not a security threat assessment. Not an incident report. A file on the people who publicly criticized MSG for scanning faces at the door. According to 404 Media, which downloaded and reviewed the data, the document sat in a SharePoint folder labeled “Activists” — accessible across the company. This kind of corporate targeting mirrors the tactics described in a recent report on a surveillance app built by operatives to monitor political critics.
What MSG Was Keeping on Its Critics
The dossier cataloged three prominent privacy advocates with unsettling precision.
Open the document and you find entries on Evan Greer of Fight for the Future, Albert Fox Cahn of the Surveillance Technology Oversight Project, and Adam Schwartz of the Electronic Frontier Foundation. For each person: background information, contact details, social media handles with follower counts, and screenshots of their public criticism of MSG’s biometric program.
- Dated December 23, 2022; stored internally in a folder named “Activists”
- Included screenshots of Greer’s tweets urging a Portland-style facial recognition ban in New York City
- MSG misgenders Greer — a trans woman — throughout the document
- MSG did not respond to 404 Media’s request for comment
“The fact that MSG is creating dossiers on activists who say things they don’t like shows exactly why private companies should not be allowed to use dangerous surveillance technologies like facial recognition,” Greer told 404 Media.
A Pattern, Not an Anomaly
The dossier fits into years of MSG deploying facial recognition against perceived enemies.
Most companies maintain watch lists for genuine security threats. MSG maintains them for lawyers. Starting in June 2022, the company scraped profile photos from over 90 law firm websites and fed roughly 1,200 attorney faces into its recognition system — banning them solely because their firms had active litigation against MSG. A separate WIRED investigation found a trans woman sports fan was tracked throughout the arena for two years, including bathroom entry and exit, documented in an 18-page internal file. That’s not a security protocol. That’s a surveillance operation.
The ShinyHunters breach reportedly exposed 26 million customer and corporate records, including biometric tracking logs and background check data — a scale reminiscent of apps caught secretly tracking users without their knowledge. A federal class action lawsuit followed. Adam Schwartz of the EFF warned the precedent could extend to any business using facial recognition “to identify and punish their critics” — including customers who simply leave a negative review.
The Cameras Stay On — For Now
Regulators are circling, but MSG hasn’t blinked.
New York Attorney General Letitia James formally questioned whether MSG’s practices violate state civil rights law. Organizations including STOP, EFF, and Fight for the Future are pressing for stricter biometric legislation. Ticket buyers walk through a scanner, catch a show, and rarely expect to end up catalogued in a corporate Word document. Until the rules change, that gap between expectation and reality remains wide open — a reminder of the broader pattern of tech scandals that have exploited millions of people.
