MADISON Square Garden has confirmed being impacted by a data breach stemming from a cybercrime campaign targeting Oracle’s E-Business Suite (EBS) customers, with the Cl0p ransomware and extortion group named by the hackers as the perpetrators in November 2025. The attackers allegedly exploited zero-day vulnerabilities to access data stored by more than 100 organisations, and data stolen from MSG was leaked soon after the incident as the group reportedly refused to pay a ransom.
According to notifications from MSG Entertainment, the impacted Oracle EBS instance is hosted and managed by a third-party vendor, and the investigation found that hackers stole data in August 2025. MSG said personal information, including names and SSNs, was compromised, though the total number affected was not clear; MSG Entertainment told the Maine Attorney General’s Office that 11 of the state’s residents are impacted. The company has started notifying individuals whose information was compromised as a result of the cybersecurity incident.