Madison Square Garden (MSG) has acknowledged that it was affected by a data breach linked to a cybercrime campaign aimed at Oracle’s E-Business Suite (EBS).
The breach is part of a larger hacking campaign involving the Cl0p ransomware group, which exploited vulnerabilities to access data from over 100 organizations using the enterprise management software.
In November 2025, hackers identified MSG as one of their targets. Following the breach, more than 210GB of archive files were reportedly leaked, suggesting that MSG did not comply with ransom demands.
Initially, MSG did not respond to multiple inquiries regarding the incident. However, the company has since confirmed the breach and has begun notifying individuals whose personal information was compromised.
According to notifications from MSG Entertainment, the affected Oracle EBS instance is managed by a third-party vendor. An investigation revealed that hackers gained access to data in August 2025.
The compromised personal information includes names and Social Security Numbers (SSNs).
While the total number of affected individuals remains unclear, MSG Entertainment informed the Maine Attorney General’s Office that at least 11 residents of the state were impacted.
