"In the Oracle EBS hacking campaign, the Cl0p ransomware and extortion group exploited zero-day vulnerabilities to gain access to data stored by more than 100 organizations in the enterprise management software. Madison Square Garden (MSG), the world-famous arena located in New York City, was named by the hackers as a victim of the campaign in November 2025."
"According to notifications from MSG Entertainment, the impacted Oracle EBS instance is hosted and managed by a third-party vendor, whose investigation found that hackers stole data in August 2025. The entertainment company said personal information, including names and SSNs, was compromised."
"Data allegedly stolen from the company was leaked by the cybercriminals soon after, indicating that it had refused to pay a ransom. MSG did not respond to repeated requests for comment at the time. However, it has now confirmed suffering a data breach and it has started notifying individuals whose personal information was compromised."
Madison Square Garden was impacted by a cybercrime campaign targeting Oracle E-Business Suite customers. The Cl0p ransomware and extortion group exploited zero-day vulnerabilities to access data from over 100 organizations. MSG was named as a victim in November 2025, with data allegedly leaked after refusing to pay ransom. The company has now confirmed the breach and begun notifying affected individuals. The compromised Oracle EBS instance was hosted and managed by a third-party vendor, with hackers stealing data in August 2025. Personal information including names and Social Security numbers was compromised, with at least 11 Maine residents affected.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]