MSG's Secret Celebrity Database Tagged Nearly 40,000 People by Sexuality, Race, and 'Risk' Level
A data breach at Madison Square Garden exposed an internal tracking list that sorted celebrities, public figures, and ordinary visitors using labels including 'LGBTQIA,' 'DO NOT HOST,' and a personal 'risk' score.

Key points
- A database breach at Madison Square Garden Entertainment exposed records on nearly 40,000 individuals, according to reporting by WIRED.
- Internal labels in the database included 'LGBTQIA,' 'DO NOT HOST,' and a 'risk' level assigned to each person.
- MSG owner James Dolan's company disputes the accuracy of the WIRED report.
- The breach revealed that the venue appeared to track visitors and public figures by race, sexuality, and perceived threat.
- People who visited MSG venues may have had personal characteristics recorded without their knowledge.
Madison Square Garden, the New York City arena owned by James Dolan's MSG Entertainment, kept a secret internal database that catalogued nearly 40,000 celebrities and other individuals by their sexuality, race, and a personally assigned 'risk' score. That finding comes from WIRED, which obtained records from a breach, meaning an unauthorised leak of data from the company's internal systems.
WIRED contributing editor Noah Shachtman, who led the investigation, discussed his findings on CBS News. The database reportedly carried labels such as 'LGBTQIA' and 'DO NOT HOST,' the latter suggesting that some people were flagged to be turned away at the door. Each entry also carried a 'risk' level, though the report does not spell out exactly how that score was calculated or who assigned it.
How did this information get out?
A breach of MSG's systems exposed the database to outside view. A breach, in plain terms, is when someone without permission gets into a company's private computer files, either by hacking in or through an insider leak. The source article does not detail exactly how the breach occurred or who carried it out.
MSG told WIRED the report is inaccurate. The company has not said which specific details it contests, and no public statement has corrected any individual claim point by point.
What makes this case unusual is not the hacking itself. It is what the hack revealed. Companies collect data on customers all the time, but cataloguing individuals by sexual orientation or race, and assigning them a 'risk' label, raises immediate questions under privacy law in New York and across the United States.
Legal experts who commented to WIRED noted that collecting and storing this kind of personal characteristic data without clear consent could expose MSG to civil liability.
For ordinary people, the practical concern is straightforward. If you attended a game, concert, or event at any MSG venue, your name may appear in a system you never knew existed, alongside tags you never agreed to.
If you are worried your information was collected, you can submit a data access request to MSG Entertainment in writing, asking what personal data the company holds about you. Under some state privacy laws, companies are required to respond. You should also watch your email for phishing attempts, where criminals send fake messages pretending to be from MSG or related services, using the breach as a hook to steal passwords or payment details.



