Data Breaches

Madison Square Garden Data Breach Confirmed Months After Hacker Attack

The company is one of the many victims of the 2025 Oracle E-Business Suite (EBS) hacking campaign.

Madison Square Garden data breach

Madison Square Garden has confirmed being impacted by a data breach stemming from a cybercrime campaign targeting customers of Oracle’s E-Business Suite (EBS) solution.

In the Oracle EBS hacking campaign, the Cl0p ransomware and extortion group exploited zero-day vulnerabilities to gain access to data stored by more than 100 organizations in the enterprise management software.

Madison Square Garden (MSG), the world-famous arena located in New York City, was named by the hackers as a victim of the campaign in November 2025. 

Data allegedly stolen from the company — more than 210GB of archive files — was leaked by the cybercriminals soon after, indicating that it had refused to pay a ransom.

MSG did not respond to repeated requests for comment at the time. However, it has now confirmed suffering a data breach and it has started notifying individuals whose personal information was compromised as a result of the cybersecurity incident.

According to notifications from MSG Entertainment, the impacted Oracle EBS instance is hosted and managed by a third-party vendor, whose investigation found that hackers stole data in August 2025. 

Advertisement. Scroll to continue reading.

The entertainment company said personal information, including names and SSNs, was compromised.

It’s unclear how many people are affected in total, but MSG Entertainment told the Maine Attorney General’s Office that 11 of the state’s residents are impacted. 

Related: 3.5 Million Affected by University of Phoenix Data Breach

Related: Auto Parts Giant LKQ Confirms Oracle EBS Breach

Related: Korean Air Data Compromised in Oracle EBS Hack

Related Content

Cybercrime

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Data Breaches

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Vulnerabilities

The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version