Fat Joe is a superfan, both of the New York Knicks and their controversial owner, Jim Dolan. The rapper celebrated with Dolan in Cleveland when the team clinched its first NBA Finals appearance in decades, a moment of catharsis for a franchise long mired in mediocrity. When the Madison Square Garden (MSG) organization came under intense scrutiny over aggressive security measures for Game 3 of the NBA Finals, Fat Joe publicly defended the boss. “Shoutout to Mr. Dolan, greatest team owner in the game,” he told reporters at the time. “They villainize Mr. Dolan, like, almost like a Bruce Wayne, like a Batman movie and this is Gotham City… This man takes care of us.” However, internal documents suggest that the feeling of total trust is not entirely mutual. Within Dolan’s organization, a different view of the rapper exists. An internal Madison Square Garden database of VIPs labels Fat Joe as a “medium risk,” placing him among roughly 400 celebrities assigned a risk score by the organization. Many of these individuals are courtside fixtures at the Garden, including Edie Falco, Mark Ronson, John Turturro, and Tracy Morgan. These 400-odd entries represent a specialized subset of a much larger “talent” database containing 39,539 entries. This repository tracks high-profile names in business, technology, politics, media, and sports, yet the vast majority are not assigned a specific risk level. The existence of this scoring system, revealed through a massive data breach, highlights the granular level of surveillance and categorization MSG employs even for its most loyal and public-facing supporters. The ShinyHunters Breach: A Massive Exposure of Private Data The database was part of a 45-gigabyte trove of documents published by ShinyHunters, a notorious criminal hacker collective. While initial reports by 404 Media focused on the release of the VIP roll, further analysis reveals the extent to which MSG labeled its most visible fans with risk scores and the specific rationale used to justify such designations. The breach goes far beyond celebrity lists; it includes a second, larger database containing over 10.5 million entries extracted from the Garden’s Salesforce customer management system. This larger data dump includes 9,782,361 unique email addresses, 2,820,221 unique phone numbers, and thousands of entries containing birth dates and personal addresses. High-ranking officials were not immune; the database includes the personal contact information of Zohran Mamdani, a member of the New York State Assembly and a vocal critic of MSG’s biometric data collection. Also included were the personal details of Jessica Tisch, who was appointed commissioner of the New York Police Department shortly after the data was compiled. The exposure of such sensitive information has sparked a class-action lawsuit against the MSG organization, alleging that the spill was a direct byproduct of Dolan’s "growing surveillance state." Categorizing the "Risk": From Low to Banned According to sources familiar with MSG’s security protocols, the risk scores are part of a tiered system used to manage how the organization interacts with high-profile guests. The rankings are structured as follows: Flag: The lowest level, indicating that security staff should discuss the VIP with a supervisor before providing service or access. Low Risk: Assigned to celebrities like Ben Stiller, Mariska Hargitay, and Michael Strahan. These individuals are generally viewed favorably but remain under the organization’s watch. Medium Risk: This category includes Fat Joe, Lily Allen, David Harbour, and country star Morgan Wallen. Even high-ranking executives like Anna Wintour, the chief content officer of Condé Nast, are labeled as medium risk despite having no public record of disparaging the Garden. High Risk: This tier is reserved for figures like Freddie Gibbs, Lil Jon, DaBaby, and A Boogie Wit da Hoodie. Banned: The most severe designation. The rapper Lil Tjay, for example, is explicitly marked as "BANNED FROM MSG" following an altercation at the Hulu Theater. The "talent" database also tracks demographic information that has raised concerns among civil rights advocates. Approximately 93 entries are marked as “LGBTQIA,” including artists like Ricky Martin, Phoebe Bridgers, and Emily Green. Evan Greer, director of the digital rights group Fight for the Future, noted a disturbing pattern in the Garden’s interest in the sexual orientation and gender identity of its visitors, citing previous instances where the organization tracked trans women with minute-by-minute surveillance. The Rationale: Social Media as a Security Threat The database does not always provide an explicit explanation for a “medium risk” designation, but it frequently references “SM concerns”—social media concerns. MSG security maintains a rigorous dragnet, monitoring what is said online about Jim Dolan and the Garden’s management. A source familiar with the matter stated that Garden security performs social media sweeps for prominent people seeking complimentary tickets. If a celebrity has expressed criticism of the team or the venue, they are flagged. Fat Joe’s “medium risk” status, for instance, is reportedly linked to his connection with fellow rapper Jadakiss, who has been publicly critical of Dolan in the past. Jadakiss himself is marked as a “medium risk.” Other figures, like comedian Adam Pally, are marked as “not to be hosted”—meaning they are ineligible for free tickets—due to previous comments regarding the team’s management. The pettiness of the system is a recurring theme among those flagged. Legendary hip-hop producer Pete Rock is marked “DO NOT HOST” after he called for a boycott of the Garden following the 2017 incident where former Knicks player Charles Oakley was forcibly removed from the arena. “None of the other owners are as petty as Dolan is,” Pete Rock said, addressing the owner’s “controlling behavior.” Even association can lead to a flag; actor Will Harrison was reportedly flagged because his girlfriend allegedly wrote a New York Times article critical of the organization. Political Influence and the Permit Battle Beyond celebrity management, the database reveals how MSG utilizes its resources to further a political agenda. The documents list 32 political candidates supported by the MSG PAC, along with hundreds of current and former elected officials. A specific column titled “claim to fame” notes whether an individual supported MSG’s 2023 effort to secure a renewed operating permit. The list of supporters includes union leaders, lobbyists, and even local business owners, such as the proprietor of Don Pepi Pizza in Penn Station. Notably, none of the individuals who supported Dolan’s political or business interests were assigned a risk score. This suggests the database serves a dual purpose: identifying enemies and rewarding allies. The use of complimentary tickets and VIP access appears to be a key tool in maintaining a network of supporters who can be called upon during legislative or regulatory battles. Technical Failures and the Vishing Attacks The breach itself was the result of sophisticated social engineering. ShinyHunters utilized “vishing”—voice phishing—to target MSG employees. By mimicking legitimate voices over the phone, the hackers gained access to Microsoft Entra, a corporate sign-on service, which allowed them to reset passwords and burrow into the Garden’s Salesforce systems. This attack occurred despite repeated warnings from cybersecurity experts. In early 2026, Google Threat Intelligence and Salesforce had issued alerts regarding “ShinyHunters-branded” vishing attacks targeting enterprise systems. Microsoft spokespeople confirmed that the MSG break-in was a separate incident from earlier intrusions, but the fact that the hackers successfully extracted 45GB of data suggests that the organization failed to implement necessary safeguards despite the high-profile nature of the threat. The hackers claimed their primary motivation was Dolan’s use of facial recognition technology. MSG venues, including the Sphere in Las Vegas and Radio City Music Hall, use biometric scanning to identify patrons. While the leaked data did not appear to include face-recognition templates, it did contain numerous complaints from individuals who believed they were erroneously blacklisted by the system. Broader Impact and Implications The exposure of MSG’s internal VIP tracking and the subsequent data breach have significant implications for privacy and corporate ethics. Legal experts argue that the collection of such extensive personal data, combined with a "paranoid" internal culture, created a massive security liability. “A company that cannot secure a customer list has no business scanning our faces,” said Darío Maestro, legal director of the Surveillance Technology Oversight Project (STOP). The incident has also intensified calls for legislative action. Assemblyman Mamdani’s proposed bill to ban venues like MSG from collecting biometric data has gained renewed momentum following the breach. Critics argue that the Garden’s practices go beyond standard security and enter the realm of personal vendettas, using sophisticated technology to enforce the whims of its owner. Despite the controversy, the Knicks’ recent success on the court has provided a temporary shield for Dolan. Following the team’s championship victory, the owner enjoyed a rare surge of goodwill. During the victory parade, which drew over 2 million fans to downtown Manhattan, many of the “high risk” and “medium risk” rappers, including Fat Joe and Jadakiss, performed for the crowds. The irony remains: the very people Jim Dolan views as risks to his organization are the ones most essential to the cultural fabric and public image of his franchise. As the Knicks prepare for the next season, the question remains whether MSG will dismantle its surveillance apparatus or if the Garden’s watchful eye will only grow more discerning. Post navigation European Parliament Extends Voluntary Message Scanning for Child Sexual Abuse Material Despite Significant Lawmaker Opposition