The news is a gut punch for cybersecurity professionals and, particularly, for those managing biometric data. The ShinyHunters group has published 45 gigabytes of information stolen from Madison Square Garden Entertainment (MSG) after the company missed a June 15 ransom deadline. Among the files, facial recognition surveillance records stand out, alongside internal threat assessments and personal data from what the hackers claim are 26 million customer and corporate records.

The incident comes as MSG is already facing a federal class action lawsuit challenging the opacity and potential privacy violations of its facial recognition technology. The attack adds fuel to the fire: biometric data, by its very nature immutable, being leaked online substantially escalates the risk for affected individuals.

Inside the 45GB leak

The leaked trove is not just a list of names and addresses. The attackers claim to have “facial recognition surveillance records,” meaning the logs from systems that identify and track visitors’ faces. Such data typically includes images, time-based metadata, and, in some cases, biometric vectors used by modern AI for matching. Internal threat assessments suggest the data may also contain security analyses, perhaps regarding individuals flagged as “at risk” by monitoring apparatuses.

The scale — 26 million records — conveys the extent of exposure. MSG operates high-profile venues like Madison Square Garden, Radio City Music Hall, and the Beacon Theatre, visited by millions each year. It’s not hard to imagine that the stolen data may include information on celebrities, politicians, or executives, potentially exploitable for blackmail or detailed profiling.

Data sovereignty in AI surveillance

For those who design and operate AI-powered surveillance systems, the MSG breach is a wake-up call. Face recognition adoption has surged in entertainment, retail, and transportation, yet deployment architectures too often rely on cloud infrastructure or third-party providers, expanding the attack surface. Once compromised, biometric data cannot be “reset” like a password — the damage is permanent.

The question is: where did this data reside? Had it been kept in an on-premise environment with network segmentation and strict access controls, exfiltration might have been more difficult. No solution is invulnerable, of course, but the principle of data sovereignty — an organization’s ability to maintain full control over its data, without delegating to third parties — becomes critical for sensitive technologies like facial recognition. In Europe, GDPR imposes strict requirements for processing biometric data, including mandatory impact assessments and breach notifications. In the U.S., laws vary by state, but legal and social pressure is mounting.

From a technical standpoint, running inference on local, edge, or on-premise infrastructure allows sensitive data to be processed without leaving the corporate perimeter. Modern facial recognition systems can operate on local GPU servers, reducing latency and eliminating reliance on external connections. Long-term TCO can also prove competitive when factoring in breach costs and fines. AI-RADAR has explored this trade-off in its coverage of on-premise LLM adoption, but the reasoning applies to the entire AI spectrum: keeping data close to computation is often the first step in reducing exposure risks.

Beyond the ransom

The ransomware pattern — exfiltration followed by a threat to publish — is all too familiar. But when stolen data includes biometric information, the damage goes beyond financial and reputational harm. It opens a Pandora’s box: anyone can access the files and use them to train new face recognition models, feed shadow databases, or stage highly targeted phishing attacks. Companies managing such information assets must begin to design their infrastructure with the assumption that the perimeter can be breached: at-rest encryption, multi-factor authentication, and especially zero-trust architectures become non-negotiable.

The MSG case shows it’s no longer just about securing servers and endpoints; we must rethink data governance starting from the point of collection. For the AI and surveillance world, on-premise is not a nostalgia trip for mainframe enthusiasts: it’s an architectural choice that can make the difference between an incident and a catastrophe.