Madison Square Garden Data Breach Confirmed Months After Hacker Attack

Madison Square Garden has confirmed being impacted by a data breach stemming from a cybercrime campaign targeting customers of Oracle’s E-Business Suite (EBS) solution.

In the Oracle EBS hacking campaign, the Cl0p ransomware and extortion group exploited zero-day vulnerabilities to gain access to data stored by more than 100 organizations in the enterprise management software.

Madison Square Garden (MSG), the world-famous arena located in New York City, was named by the hackers as a victim of the campaign in November 2025.

Data allegedly stolen from the company — more than 210GB of archive files — was leaked by the cybercriminals soon after, indicating that it had refused to pay a ransom.

MSG did not respond to repeated requests for comment at the time. However, it has now confirmed suffering a data breach and it has started notifying individuals whose personal information was compromised as a result of the cybersecurity incident.

According ...