Madison Square Garden confirmed a data breach after the Cl0p extortion group exploited zero-day vulnerabilities in Oracle’s E-Business Suite as part of a campaign that affected more than 100 organizations. Cl0p leaked over 210GB of stolen archive files after MSG declined to pay, and the company says the impacted Oracle EBS instance was hosted by a third-party vendor with personal data, including names and SSNs, exposed. #Cl0p #OracleEBS #MadisonSquareGarden #MSGEntertainment
Keypoints
- Cl0p exploited zero-day vulnerabilities in Oracle E-Business Suite to access customer data.
- More than 100 organizations were impacted and over 210GB of archive files were leaked.
- Madison Square Garden confirmed its Oracle EBS instance, hosted by a third-party vendor, was breached.
- Stolen personal information included names and Social Security numbers, and affected individuals are being notified.
- The vendor’s investigation reported the theft occurred in August 2025 and MSG reportedly refused to pay the ransom.
Read More: https://www.securityweek.com/madison-square-garden-data-breach-confirmed-months-after-hacker-attack/